Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20210927 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor autofs btrfsprogs (5.13.1 -> 5.14) c-ares catatonit (0.1.5 -> 0.1.6) ceph (16.2.5.113+g8b5bda7684e -> 16.2.6.45+g8fda9838398) cfssl (1.6.0 -> 1.6.1) chrony compat-usrmerge conmon (2.0.29 -> 2.0.30) conntrack-tools cri-o (1.21.2 -> 1.22.0) cryptsetup (2.3.6 -> 2.4.1) curl (7.78.0 -> 7.79.0) e2fsprogs (1.46.3 -> 1.46.4) elfutils etcd ethtool (5.13 -> 5.14) fcoe-utils fuse3 (3.10.4 -> 3.10.5) glib2 glibc (2.33 -> 2.34) grub2 haproxy (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) harfbuzz (2.8.2 -> 2.9.1) helm (3.6.2 -> 3.6.3) installation-images-MicroOS (17.13 -> 17.15) iproute2 (5.13 -> 5.14) iputils irqbalance (1.8.0.14.ga7f8148 -> 1.8.0.18.git+2435e8d) json-glib (1.6.4 -> 1.6.6) kbd kernel-firmware (20210812 -> 20210901) kernel-source (5.13.13 -> 5.14.6) keylime (6.1.1 -> 6.2.0) kmod krb5 kubernetes (1.22.1 -> 1.22.2) kubernetes1.21 (1.21.4 -> 1.21.5) kubernetes1.22 (1.22.1 -> 1.22.2) kubic-control (0.12 -> 0.12.1) less libXi (1.7.10 -> 1.8) libapparmor libcontainers-common libdrm libepoxy (1.5.8 -> 1.5.9) libfido2 (1.7.0 -> 1.8.0) libglvnd libgudev (234 -> 237) libhugetlbfs libseccomp (2.5.1 -> 2.5.2) libtirpc libxkbcommon (1.3.0 -> 1.3.1) libzypp (17.28.1 -> 17.28.4) microos-tools (2.11 -> 2.12) multipath-tools (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa) ncurses (6.2.20210814 -> 6.2.20210911) nfs-utils numactl (2.0.14.17.g498385e -> 2.0.14.20.g4ee5e0c) open-iscsi open-lldp (1.1+36.e926f7172b96 -> 1.1+44.0f781b4162d3) pam (1.5.1 -> 1.5.2) pam-config (1.3 -> 1.4) pango (1.48.9 -> 1.48.10) patterns-base patterns-microos perl (5.32.1 -> 5.34.0) perl-Bootloader (0.935 -> 0.936) permissions (1550_20210518 -> 1550_20210901) pinentry (1.1.1 -> 1.2.0) pmdk (1.9 -> 1.11.0) podman (3.2.3 -> 3.3.1) python-Jinja2 python-Pillow (8.3.1 -> 8.3.2) python-greenlet python-importlib-metadata (3.7.2 -> 4.8.1) python-jsonpatch python-numpy (1.21.0 -> 1.21.2) python-ordered-set (3.1.1 -> 4.0.2) python-pandas (1.3.1 -> 1.3.3) python-simplejson (3.17.3 -> 3.17.5) python38 (3.8.11 -> 3.8.12) python38-core (3.8.11 -> 3.8.12) qemu (6.0.0 -> 6.1.0) salt selinux-policy shadow (4.8.1 -> 4.9) suse-module-tools (16.0.8+1 -> 16.0.10+7) system-users systemd (248.6 -> 249.4) systemd-default-settings sysuser-tools talloc (2.3.2 -> 2.3.3) transactional-update (3.5.1 -> 3.5.5) util-linux util-linux-systemd vim (8.2.3360 -> 8.2.3408) xkeyboard-config yast2 (4.4.16 -> 4.4.20) yomi-formula (0.0.1+git.1629280900.fdbe9f0 -> 0.0.1+git.1630589391.4557cfd) zypper (1.14.48 -> 1.14.49) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ==== autofs ==== - autofs-5.1.7-use-default-stack-size-for-threads.patch: Use default stack size for threads (bsc#1189199) ==== btrfsprogs ==== Version update (5.13.1 -> 5.14) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.14 * convert: * new option --uuid to copy, generate or set a given uuid * improve output * mkfs: * allow to create degenerate raid0 (on 1 device) and raid10 (on 2 devices) * image: * improved error messages * fix some alignment of restored image * subvol delete: allow to delete by id when path is not resolvable * check: * require alignment of nodesize for 64k page systems * detect and fix invalid block groups * libbtrfs (deprecated): * remove most exported symbols, leave only a few that are used by snapper * no version change (still 0.1) * remove btrfs-list.h, btrfsck.h * fixes: * reset generation of space v1 if v2 is used * fi us: don't wrongly report missing device size when partition is not readable * other: * build: experimental features * build: better detection of 64bit timestamp support for ext4 * corrupt-block: block group items * new and updated tests * refactoring * experimental features: * new image dump format, with data ==== c-ares ==== - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distibution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ==== catatonit ==== Version update (0.1.5 -> 0.1.6) - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). - Update catatonit-rpmlintrc in order to cover that static binaries are now an error not a warning. ==== ceph ==== Version update (16.2.5.113+g8b5bda7684e -> 16.2.6.45+g8fda9838398) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to Version: 16.2.6.45+g8fda9838398: + rebased on top of upstream commit SHA1 dbc87327c37d0f305c2107e487cb98a072ae858b upstream 16.2.6 release https://ceph.io/releases/v16-2-6-pacific-released/ - Update to 16.2.5-504-g6a3a59bd19e: + rebased on top of upstream commit SHA1 0d1e1f2973cae7645126fc88a72743367c790d9d + (bsc#1189605) cmake: exclude "grafonnet-lib" target from "all" ==== cfssl ==== Version update (1.6.0 -> 1.6.1) - Update to version 1.6.1: * Support for DelegationUsage extension * remove -u flag from readme, link to releases * remove old go versions from travis * fix upgrading transitive coreos dependency breakage ==== chrony ==== Subpackages: chrony-pool-openSUSE - Added hardening to systemd service(s). Added patch(es): * harden_chrony-wait.service.patch * harden_chronyd.service.patch ==== compat-usrmerge ==== - statically link xmv to avoid glibc 2.34 dependency (__libc_start_main@GLIBC_2.34) - turn on filetriggers in main package. Needed for single transaction upgrades (boo#1189788) ==== conmon ==== Version update (2.0.29 -> 2.0.30) - Update to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify ==== conntrack-tools ==== - Added hardening to systemd service(s). Modified: * conntrackd.service ==== cri-o ==== Version update (1.21.2 -> 1.22.0) Subpackages: cri-o-kubeadm-criconfig - Update to version 1.22.0: Dependency-Change * Update runc within static binary bundle to v1.0.1 * Update static binary bundle runc version to v1.0.0-rc94. * Update static binary bundle runc version to v1.0.0-rc95. * Updated crun in static binary bundle to v0.20.1 Deprecation * The internal_wipe option is now true by default. Further, it is being deprecated, and will be unconditionally true in the future. API Change * Update how the resources for a workload is specified. Now, to override a workload, the pod must have the annotation $prefix/$ctr_name = {"$resource_type": "$resource_value"}. The workloads feature has also been marked as experimental, which should have happened from the beginning. Feature * Added --metrics-collectors/metrics_collectors configuration to enable or disable certain metrics. * All metrics collectors are enabled per default. * Added crio_image_pulls_layer_size histogram metric to get insights about all pulled layer sizes. * Added build tags as well as AppArmor and seccomp status to crio version output. * Added generation of self-signed certificates for the secure metrics endpoint * if the provided cert and key paths are not available on disk. * Added secure metrics endpoint configuration options * Added structural logging of container ID, sandbox ID and process ID on container start. * Automatically reload metrics TLS certificate and key if any of those specified files change. * CNI plugins are now passed a K8S_POD_UID environment variable containing the pod UID this sandbox was started for. * Changed the logging behavior of klog messages to be included in the CRI-O logs. * The klog info verbositry is converted to CRI-O debug to lower the log verbosity. * Cri-o now does not limit the DNS search paths. * Enable the "volatile" option for the overlay drivers when it is supported by the underlying kernel. * Rootless: enable resource limit when cgroup v2 controllers are delegated. * Support io.kubernetes.cri.blockio-class container annotation for specifying blockio class. * Support blockio.resources.beta.kubernetes.io/pod pod annotation for specifying the default blockio class to all containers in the pod. * Support blockio.resources.beta.kubernetes.io/container.NAME pod annotation for specifying the blockio class of the NAME container in the pod. * Add blockio_config_file config file option (and corresponding --blockio-config-file for command line) for configuring blockio classes and their cgroups blockio controller parameters. * Support io.kubernetes.cri.rdt-class container annotation for specifying RDT class. * Add rdt_config_file config file option (and corresponding --rdt-config-file for command line) for configuring the resctrl pseudo-filesystem. * The config field drop_infra_ctr is now true by default * The runtime_config_path option, which allows to specify the path of the runtime configuration file, is now supported by CRI-O. This is specific to the VM runtime type. * Validate certificate dates for TLS metrics endpoint Design * Drop support for the crio.shutdown. * ExecSync requests now don't use conmon, instead calling the runtime directly, which reduces overhead. Bug or Regression * Add support for absent_mount_sources_to_reject, which allows admins to configure paths that, when mounted into a container despite not existing on the host, causes a container creation request to fail. This is useful for paths like /etc/hostname, which causes trouble as a directory, but possibly shouldn't be created as a file either (in the case of a dynamic hostname). * Add symlink /proc/mounts on /etc/mtab to container * Add the config field internal_wipe which moves the responsibility of wiping containers after a reboot and images after an upgrade from the external binary crio wipe to the main crio server. This has a handful of advantages, the main one being crio is now better able to cleanup CNI resources after a reboot. * Allow users to customize conmon's resources if a pod is in a workload. * CRI-O now logs when it is using cgroupv2 * Fix a bug in internal_wipe that would mean CNI resources would be leaked across reboots. * Fix a bug where CRI-O can't work with runc 1.0.0-rc93 because of an incorrectly specified list of capabilities * Fix a bug where CRI-O would leak opened files for namespaces on a server restore * Fix a bug where crio config would print a string for privileged_without_host_devices, not a boolean * Fix a bug where a container exec process received a little less time than the timeout provided * Fix a bug where an exec sync timeout would fail to cleanup the runtime exec process * Fix a bug where cAdvisor couldn't read the disk usage of a pod with a dropped infra container * Fix a bug where duplicate requests would stall even if the pod or container was already created * Fix a bug where server startup was significantly slowed down by attempting to clean up CNI resources after a reboot. * Fix a performance regression with exec probes * Fix a segfault when CRI-O has takes more than 8 minutes to create a pod or container * Fix an RSS regression with exec sync requests * Fix an issue where a container started with a terminal fails on exec sync calls * Fix drop ALL and add back few caps behavior to not include the default configured capabilities * Fix potential panic when reopening a container's log * Fixed bug where it was not possible to run containers using the default or no seccomp profile on * seccomp disabled builds/machines * Fixed bug where runtime VM created containers never reach their completed state. * Fixed linkmode detection for on en_US systems crio version * Fixed runtime panic for layers lockfile if its parent directory does not exist. * Added support for repositories in auth.json * Re-attempt setting up conmon's cgroup if it fails on EAGAIN from dbus * Reduce the permission on the listen socket to 0660 * Reuse connection when connecting to dbus, as well as reattempt the connection if it fails temporarily * The privileged_without_host_devices flag can now be given a an additional parameter to configure a runtime * Wait for CNI plugins to be ready before starting non-host-network pods, to allow pods that may run CNI plugins to start faster Other (Cleanup or Flake) * Add systemd After=crio.service to containers and conmon * Switched build artifacts to be published via the cri-o bucket. * Use build tag for linkmode detection on crio version. Uncategorized * Add Particule as adopters * Add --device-ownership-from-security-context which allows an admin to specify devices be configured to be owned by the container user and group, rather than unconditionally * being root. * Added internal/process/defunct_processes.go and crio_processes_defunct metric to collect the total number of defunct/zombie processes in a node. * Raise a warning when creating a bind mount on the container root ==== cryptsetup ==== Version update (2.3.6 -> 2.4.1) Subpackages: libcryptsetup12 - cryptsetup 2.4.1 * Fix compilation for libc implementations without dlvsym(). * Fix compilation and tests on systems with non-standard libraries * Try to workaround some issues on systems without udev support. * Fixes for OpenSSL3 crypto backend (including FIPS mode). * Print error message when assigning a token to an inactive keyslot. * Fix offset bug in LUKS2 encryption code if --offset option was used. * Do not allow LUKS2 decryption for devices with data offset. * Fix LUKS1 cryptsetup repair command for some specific problems. - As YaST passes necessary parameters to cryptsetup anyway, we do not necessarily need to take grub into consideration. So back to Argon2 to see how it goes. - need to use PBKDF2 by default for LUKS2 as grub can't decrypt when using Argon. - cryptsetup 2.4.0 (jsc#SLE-20275) * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - Use LUKS2 as default format on Tumbleweed. It provides some additional features which other tools (e.g. systemd-cryptenroll) rely on. GRUB 2.06 supports unlocking LUKS2 volumes meanwhile. ==== curl ==== Version update (7.78.0 -> 7.79.0) Subpackages: libcurl4 - Temporarily disable flaky test 1184 * See https://github.com/curl/curl/issues/7725 - Update to 7.79.0: [bsc#1190213, CVE-2021-22945] [bsc#1190373, CVE-2021-22946] [bsc#1190374, CVE-2021-22947] * Changes: - bearssl: support CURLOPT_CAINFO_BLOB - http: consider cookies over localhost to be secure - secure transport: support CURLINFO_CERTINFO * Bugfixes: - CVE-2021-22945: clear the leftovers pointer when sending succeeds - CVE-2021-22946: do not ignore --ssl-reqd - CVE-2021-22947: reject STARTTLS server response pipelining - auth: do not append zero-terminator to authorisation id in kerberos - auth: properly handle byte order in kerberos security message - auth: use sasl authzid option in kerberos - auth: we do not support a security layer after kerberos authentication - c-hyper: deal with Expect: 100-continue combined with POSTFIELDS - c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection - c-hyper: initial step for 100-continue support - c-hyper: initial support for "dumping" 1xx HTTP responses - curl-openssl.m4: show correct output for OpenSSL v3 - docs/MQTT: update state of username/password support - docs: the security list is reached at security at curl.se now - getparameter: fix the --local-port number parser - hostip: Make Curl_ipv6works function independent of getaddrinfo - http_proxy: fix the User-Agent inclusion in CONNECT - http_proxy: fix user-agent and custom headers for CONNECT with hyper - http_proxy: only wait for writable socket while sending request - mailing lists: move from cool.haxx.se to lists.haxx.se - mbedtls: avoid using a large buffer on the stack - mbedTLS: initial 3.0.0 support - ngtcp2: remove the acked_crypto_offset struct field init - ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read - ngtcp2: reset the oustanding send buffer again when drained - ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream - ngtcp2: stop buffering crypto data - ngtcp2: utilize crypto API functions to simplify - openssl: when creating a new context, there cannot be an old one - scripts: invoke interpreters through /usr/bin/env - tests/runtests.pl: cleanup copy&paste mistakes and unused code - tests: be explicit about using 'python3' instead of 'python' - tool/tests: fix potential year 2038 issues - tool_operate: Fix --fail-early with parallel transfers - x509asn1: fix heap over-read when parsing x509 certificates * Rebase libcurl-ocloexec.patch ==== e2fsprogs ==== Version update (1.46.3 -> 1.46.4) Subpackages: libcom_err2 libext2fs2 - Update to 1.46.4: * Default to 256-byte inodes for all filesystems, not only larger ones * Bigalloc is considered supported now for small cluster sizes * E2fsck and e2image fixes for quota feature * Fix mke2fs creation of filesystem into non-existent file - libss-add-newer-libreadline.so.8-to-dlopen-path.patch: libss: add newer libreadline.so.8 to dlopen path (bsc#1189453) - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_e2scrub@.service.patch * harden_e2scrub_all.service.patch * harden_e2scrub_fail@.service.patch * harden_e2scrub_reap.service.patch ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add tests-Allow-an-extra-pthread_kill-frame-in-backtrace.patch in order to fix boo#1189083. ==== etcd ==== - Added hardening to systemd service(s) (bsc#1181400). Modified: * etcd.service ==== ethtool ==== Version update (5.13 -> 5.14) - update to new upstream release 5.14 * Feature: do not silently ignore --json if unsupported * Feature: support new message types in pretty print ==== fcoe-utils ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_fcoe.service.patch ==== fuse3 ==== Version update (3.10.4 -> 3.10.5) - Update to release 3.10.5 * Various improvements to make unit tests more robust. ==== glib2 ==== Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - desktop-file-utils: add Pantheon desktop environment ==== glibc ==== Version update (2.33 -> 2.34) Subpackages: glibc-locale-base - Don't create separate debuginfo packages for cross packages - ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in config file - gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak - gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label and precedence lists - copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid double calls to close() - icon-charmap-close-output.patch: iconv_charmap: Close output file when done - fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64 (BZ #28182) - librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ [#28213]) - Add cross development packages for aarch64 and riscv64. - Update to glibc 2.34 Major new features: * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, PTHREAD_STACK_MIN is no longer constant and is redefined to sysconf(_SC_THREAD_STACK_MIN) * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ * The dynamic linker implements the --list-diagnostics option, printing a dump of information related to IFUNC resolver operation and glibc-hwcaps subdirectory selection * On Linux, the function execveat has been added * The ISO C2X function timespec_getres has been added * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO C2X, is supported to enable declarations of functions defined in Annex F of C2X * Add support for 64-bit time_t on configurations like x86 where time_t is traditionally 32-bit * The main gconv-modules file in glibc now contains only a small set of essential converter modules and the rest have been moved into a supplementary configuration file gconv-modules-extra.conf in the gconv-modules.d directory in the same GCONV_PATH * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used to configure the size of the thread stack cache * The function _Fork has been added as an async-signal-safe fork replacement since Austin Group issue 62 droped the async-signal-safe requirement for fork (and it will be included in the future POSIX standard) * On Linux, the close_range function has been added * The function closefrom has been added * The posix_spawn_file_actions_closefrom_np function has been added, enabling posix_spawn and posix_spawnp to close all file descriptors great than or equal to a giver integer Deprecated and removed features, and other changes affecting compatibility: * The function pthread_mutex_consistent_np has been deprecated * The function pthread_mutexattr_getrobust_np has been deprecated * The function pthread_mutexattr_setrobust_np has been deprecated * The function pthread_yield has been deprecated * The function inet_neta declared in <arpa/inet.h> has been deprecated * Various rarely-used functions declared in <resolv.h> and <arpa/nameser.h> have been deprecated * The pthread cancellation handler is now installed with SA_RESTART and pthread_cancel will always send the internal SIGCANCEL on a cancellation request * The symbols mallwatch and tr_break are now deprecated and no longer used in mtrace * The __morecore and __after_morecore_hook malloc hooks and the default implementation __default_morecore have been removed from the API * Debugging features in malloc such as the MALLOC_CHECK_ environment variable (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been disabled by default in the main C library * The deprecated functions malloc_get_state and malloc_set_state have been moved from the core C library into libc_malloc_debug.so * The deprecated memory allocation hooks __malloc_hook, __realloc_hook, __memalign_hook and __free_hook are now removed from the API Changes to build and runtime requirements: * On Linux, the shm_open, sem_open, and related functions now expect the file shared memory file system to be mounted at /dev/shm Security related changes: CVE-2021-27645: The nameserver caching daemon (nscd), when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system CVE-2021-33574: The mq_notify function has a potential use-after-free issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask - nss-database-check-reload.patch, nss-load-chroot.patch, x86-isa-level.patch, nscd-netgroupcache.patch, nss-database-lookup.patch, select-modify-timeout.patch, nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch, tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Improve support for SLE Micro 5.1 on s390x. (bsc#1190395) * amend grub2-s390x-04-grub2-install.patch * refresh grub2-s390x-11-secureboot.patch - Follow usr merge for looking up kernel config (bsc#1189782) (bsc#1190061) * 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch - Add btrfs zstd compression on i386-pc and also make sure it won't break existing grub installations (bsc#1161823) * deleted 0001-btrfs-disable-zstd-support-for-i386-pc.patch * added 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch - Delete the author list from %description (the %description section is literally for package descriptions (only) these days, encoding was also problematic). - Add %doc AUTHORS to get packaged that info ==== haproxy ==== Version update (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path ==== harfbuzz ==== Version update (2.8.2 -> 2.9.1) - harfbuzz 2.9.1: + Subsetter API close to stable + Various fuzzer-found bug fixes + hb_buffer_append() now handles the pre- and post-context which previously were left unchanged in the destination buffer + hb-view / hb-shape now accept following new arguments: - -unicodes: takes a list of hex numbers that represent Unicode codepoints. + Undeprecated API: hb_set_invert() - includes changes from 2.9.0: + Support multiple variation axes with same tag, aka HOI + The coretext testing shaper now passes font variations to CoreText + hb-shape/hb-view does not break line at new lines unless text is read from file + hb-view and hb-subset has a --batch now, similar to hb-shape + The --batch mode now uses ; as argument separator instead of : used previously + The --batch in hb-shape does not expect 0th argument anymore. That is, the lines read are interpreted as argv[1:], instead of argv[0:]. + The --batch option has been undocumented. We are ready to document it; send feedback if you find it useful + hb-subset got arguments revamps. Added much-requested - -gids-file, --glyphs, --glyphs-file, --unicodes-file, supporting ranges in --unicodes. + Various bug fixes ==== helm ==== Version update (3.6.2 -> 3.6.3) - Update to version 3.6.3: * Ensure RawPath match Path when resolving reference * Set Helm as manager for managedFields * fix(dep update): helm dep update is not respecting the "version" stipulated in the requirements * fix(doc): fix kube client interface doc. (#9882) * use TLS client information from repo config when downloading a chart * Adding test for user/pass without repo on Helm install * Fix the url being set by WithURL on the getters * tweak basic handling * keep existing behavior of returning ErrReleaseNotFound when release(s) failed to decode * fix(sql storage): Query() should return ErrReleaseNotFound immediately when no records are found * Add Test cases for repository-config without file extension * Correctly determine repository-config lockfile path * Fixed Test * Added test for lint mode * Fail message is now the same as the required message. Fixed #8973 Helm function 'fail' should not fail when doing 'helm lint' * fix helm dep build/update doesn't inherit --insecure-skip-tls-verify from helm repo add ==== installation-images-MicroOS ==== Version update (17.13 -> 17.15) - merge gh#openSUSE/installation-images#523 - increase minimal ext2 fs size to 128 kiB - 17.15 - merge gh#openSUSE/installation-images#521 - Fix conditions for removing zram devices - Improvements from code review - Fix conditions for turning on/off zram (bcs#1187434) - 17.14 ==== iproute2 ==== Version update (5.13 -> 5.14) - Update to release 5.14 * ip: Add nodst option to macvlan type source * iplink: add support for parent device * iplink: support for WWAN devices * bridge: reorder cmd line arg parsing to let "-c" be detected as "color" option ==== iputils ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_rdisc.service.patch ==== irqbalance ==== Version update (1.8.0.14.ga7f8148 -> 1.8.0.18.git+2435e8d) - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch - Update to version 1.8.0.18.git+2435e8d.obscpio: * fix unsigned integer subtraction sign overflow - Make git hash in version better visable .git+<githash> ==== json-glib ==== Version update (1.6.4 -> 1.6.6) - Update to version 1.6.6: + New release with the documentation and gi-docgen included in the archive. - Drop gtk-doc BuildRequires, no longer needed, nor used. - Add docbook-xsl-stylesheets and libxslt-tools BuildRequires, needed for building of manpages. ==== kbd ==== Subpackages: kbd-legacy - Only run kbdsettings.service if /etc/sysconfig/keyboard exists. Necessary for image based installations without admin made changes. ==== kernel-firmware ==== Version update (20210812 -> 20210901) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210901 (git commit 6f5aada830d6): * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_1D69 * rtl_bt: Update RTL8822C BT UART firmware to 0x05A9_1A4A * rtl_bt: Update RTL8822C BT USB firmware to 0x09A9_1A4A * Mellanox: Add new mlxsw_spectrum firmware xx.2008.3326 * iwlwifi: add FW for new So/Gf device type * rtl_bt: Update RTL8852A BT USB firmware to 0xD9A9_127B * rtl_nic: update firmware of RTL8153C * ice: update package file to 1.3.26.0 - Update aliases ==== kernel-source ==== Version update (5.13.13 -> 5.14.6) - Revert "usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint" (git-fixes). - tipc: fix an use-after-free issue in tipc_recvmsg (git-fixes). - ethtool: Fix rxnfc copy to user buffer overflow (git-fixes). - commit 6131a3c - Linux 5.14.6 (bsc#1012628). - Makefile: use -Wno-main in the full kernel tree (bsc#1012628). - rtc: tps65910: Correct driver module alias (bsc#1012628). - io_uring: place fixed tables under memcg limits (bsc#1012628). - io_uring: add ->splice_fd_in checks (bsc#1012628). - io_uring: fix io_try_cancel_userdata race for iowq (bsc#1012628). - io-wq: fix wakeup race when adding new work (bsc#1012628). - io-wq: fix race between adding work and activating a free worker (bsc#1012628). - btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1012628). - btrfs: wake up async_delalloc_pages waiters after submit (bsc#1012628). - btrfs: wait on async extents when flushing delalloc (bsc#1012628). - btrfs: reduce the preemptive flushing threshold to 90% (bsc#1012628). - btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1012628). - btrfs: zoned: fix block group alloc_offset calculation (bsc#1012628). - btrfs: zoned: suppress reclaim error message on EAGAIN (bsc#1012628). - btrfs: fix upper limit for max_inline for page size 64K (bsc#1012628). - btrfs: reset replace target device to allocation state on close (bsc#1012628). - btrfs: zoned: fix double counting of split ordered extent (bsc#1012628). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (bsc#1012628). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (bsc#1012628). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1012628). - xen: fix setting of max_pfn in shared_info (bsc#1012628). - 9p/xen: Fix end of loop tests for list_for_each_entry (bsc#1012628). - ceph: fix dereference of null pointer cf (bsc#1012628). - Input: elan_i2c - reduce the resume time for controller in Whitebox (bsc#1012628). - selftests/ftrace: Fix requirement check of README file (bsc#1012628). - tools/thermal/tmon: Add cross compiling support (bsc#1012628). - clk: socfpga: agilex: fix the parents of the psi_ref_clk (bsc#1012628). - clk: socfpga: agilex: fix up s2f_user0_clk representation (bsc#1012628). - clk: socfpga: agilex: add the bypass register for s2f_usr0 clock (bsc#1012628). - pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (bsc#1012628). - pinctrl: ingenic: Fix incorrect pull up/down info (bsc#1012628). - pinctrl: ingenic: Fix bias config for X2000(E) (bsc#1012628). - soc: mediatek: mmsys: Fix missing UFOE component in mt8173 table routing (bsc#1012628). - soc: qcom: aoss: Fix the out of bound usage of cooling_devs (bsc#1012628). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (bsc#1012628). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (bsc#1012628). - arm64: Move .hyp.rodata outside of the _sdata.._edata range (bsc#1012628). - arm64: mm: Fix TLBI vs ASID rollover (bsc#1012628). - arm64: head: avoid over-mapping in map_memory (bsc#1012628). - arm64: Do not trap PMSNEVFR_EL1 (bsc#1012628). - iio: ltc2983: fix device probe (bsc#1012628). - wcn36xx: Ensure finish scan is not requested before start scan (bsc#1012628). - crypto: public_key: fix overflow during implicit conversion (bsc#1012628). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1012628). - power: supply: max17042: handle fails of reading status register (bsc#1012628). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (bsc#1012628). - crypto: ccp - shutdown SEV firmware on kexec (bsc#1012628). - spi: fsi: Reduce max transfer size to 8 bytes (bsc#1012628). - VMCI: fix NULL pointer dereference when unmapping queue pair (bsc#1012628). - media: uvc: don't do DMA on stack (bsc#1012628). - media: rc-loopback: return number of emitters rather than error (bsc#1012628). - nvmem: core: fix error handling while validating keepout regions (bsc#1012628). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (bsc#1012628). - s390/qdio: cancel the ESTABLISH ccw after timeout (bsc#1012628). - Revert "dmaengine: imx-sdma: refine to load context only once" (bsc#1012628). - dmaengine: imx-sdma: remove duplicated sdma_load_context (bsc#1012628). - watchdog: iTCO_wdt: Fix detection of SMI-off case (bsc#1012628). - libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (bsc#1012628). - ARM: 9105/1: atags_to_fdt: don't warn about stack size (bsc#1012628). - sched: Prevent balance_push() on remote runqueues (bsc#1012628). - f2fs: let's keep writing IOs on SBI_NEED_FSCK (bsc#1012628). - f2fs: fix to do sanity check for sb/cp fields correctly (bsc#1012628). - PCI/portdrv: Enable Bandwidth Notification only if port supports it (bsc#1012628). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (bsc#1012628). - PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (bsc#1012628). - PCI: xilinx-nwl: Enable the clock through CCF (bsc#1012628). - PCI: aardvark: Configure PCIe resources from 'ranges' DT property (bsc#1012628). - PCI: aardvark: Fix checking for PIO status (bsc#1012628). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (bsc#1012628). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (bsc#1012628). - f2fs: compress: fix to set zstd compress level correctly (bsc#1012628). - RDMA/rtrs: move wr_cnt from rtrs_srv_con to rtrs_con (bsc#1012628). - RDMA/rtrs: Enable the same selective signal for heartbeat and IO (bsc#1012628). - RDMA/rtrs: Move sq_wr_avail to rtrs_con (bsc#1012628). - HID: input: do not report stylus battery state as "full" (bsc#1012628). - clk: renesas: rzg2l: Fix off-by-one check in rzg2l_cpg_clk_src_twocell_get() (bsc#1012628). - f2fs: quota: fix potential deadlock (bsc#1012628). - pinctrl: armada-37xx: Correct PWM pins definitions (bsc#1012628). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (bsc#1012628). - clk: rockchip: drop GRF dependency for rk3328/rk3036 pll types (bsc#1012628). - IB/hfi1: Adjust pkey entry in index 0 (bsc#1012628). - RDMA/iwcm: Release resources if iw_cm module initialization fails (bsc#1012628). - docs: Fix infiniband uverbs minor number (bsc#1012628). - scsi: BusLogic: Use %X for u32 sized integer rather than %lX (bsc#1012628). - pinctrl: samsung: Fix pinctrl bank pin count (bsc#1012628). - f2fs: do not submit NEW_ADDR to read node block (bsc#1012628). - f2fs: turn back remapped address in compressed page endio (bsc#1012628). - f2fs: fix wrong checkpoint_changed value in f2fs_remount() (bsc#1012628). - vfio: Use config not menuconfig for VFIO_NOIOMMU (bsc#1012628). - scsi: ufs: Fix memory corruption by ufshcd_read_desc_param() (bsc#1012628). - scsi: ufs: Use DECLARE_COMPLETION_ONSTACK() where appropriate (bsc#1012628). - scsi: ufs: Fix the SCSI abort handler (bsc#1012628). - cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards (bsc#1012628). - powerpc/stacktrace: Include linux/delay.h (bsc#1012628). - RDMA/hns: Don't overwrite supplied QP attributes (bsc#1012628). - RDMA/efa: Remove double QP type assignment (bsc#1012628). - RDMA/mlx5: Delete not-available udata check (bsc#1012628). - cpuidle: pseries: Mark pseries_idle_proble() as __init (bsc#1012628). - f2fs: reduce the scope of setting fsck tag when de->name_len is zero (bsc#1012628). - openrisc: don't printk() unconditionally (bsc#1012628). - dma-debug: fix debugfs initialization order (bsc#1012628). - xprtrdma: Put rpcrdma_reps before waking the tear-down completion (bsc#1012628). - NFSv4/pNFS: Fix a layoutget livelock loop (bsc#1012628). - NFSv4/pNFS: Always allow update of a zero valued layout barrier (bsc#1012628). - NFSv4/pnfs: The layout barrier indicate a minimal value for the seqid (bsc#1012628). - SUNRPC: Fix potential memory corruption (bsc#1012628). - SUNRPC/xprtrdma: Fix reconnection locking (bsc#1012628). - sunrpc: Fix return value of get_srcport() (bsc#1012628). - scsi: ufs: Fix unsigned int compared with less than zero (bsc#1012628). - scsi: ufshcd: Fix device links when BOOT WLUN fails to probe (bsc#1012628). - scsi: fdomain: Fix error return code in fdomain_probe() (bsc#1012628). - pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (bsc#1012628). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1012628). - vfio/mbochs: Fix missing error unwind of mbochs_used_mbytes (bsc#1012628). - platform/x86: ISST: Fix optimization with use of numa (bsc#1012628). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (bsc#1012628). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (bsc#1012628). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (bsc#1012628). - powerpc/config: Fix IPV6 warning in mpc855_ads (bsc#1012628). - powerpc/config: Renable MTD_PHYSMAP_OF (bsc#1012628). - f2fs: fix to keep compatibility of fault injection interface (bsc#1012628). - iommu/vt-d: Update the virtual command related registers (bsc#1012628). - RDMA/hns: Fix return in hns_roce_rereg_user_mr() (bsc#1012628). - HID: amd_sfh: Fix period data field to enable sensor (bsc#1012628). - HID: i2c-hid: Fix Elan touchpad regression (bsc#1012628). - HID: thrustmaster: clean up Makefile and adapt quirks (bsc#1012628). - RDMA/hns: Ownerbit mode add control field (bsc#1012628). - clk: imx8mm: use correct mux type for clkout path (bsc#1012628). - clk: imx8m: fix clock tree update of TF-A managed clocks (bsc#1012628). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (bsc#1012628). - scsi: ufs: ufs-exynos: Fix static checker warning (bsc#1012628). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1012628). - powerpc/perf: Fix the check for SIAR value (bsc#1012628). - RDMA/hns: Fix incorrect lsn field (bsc#1012628). - RDMA/hns: Bugfix for data type of dip_idx (bsc#1012628). - RDMA/hns: Bugfix for the missing assignment for dip_idx (bsc#1012628). - RDMA/hns: Bugfix for incorrect association between dip_idx and dgid (bsc#1012628). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (bsc#1012628). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (bsc#1012628). - powerpc/smp: Update cpu_core_map on all PowerPc systems (bsc#1012628). - RDMA/hns: Fix query destination qpn (bsc#1012628). - RDMA/hns: Fix QP's resp incomplete assignment (bsc#1012628). - fscache: Fix cookie key hashing (bsc#1012628). - clk: ralink: avoid to set 'CLK_IS_CRITICAL' flag for gates (bsc#1012628). - clk: at91: clk-generated: Limit the requested rate to our range (bsc#1012628). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1012628). - soc: mediatek: cmdq: add address shift in jump (bsc#1012628). - f2fs: fix to account missing .skipped_gc_rwsem (bsc#1012628). - f2fs: fix unexpected ENOENT comes from f2fs_map_blocks() (bsc#1012628). - f2fs: fix to unmap pages from userspace process in punch_hole() (bsc#1012628). - f2fs: deallocate compressed pages when error happens (bsc#1012628). - f2fs: should put a page beyond EOF when preparing a write (bsc#1012628). - MIPS: Malta: fix alignment of the devicetree buffer (bsc#1012628). - kbuild: Fix 'no symbols' warning when CONFIG_TRIM_UNUSD_KSYMS=y (bsc#1012628). - userfaultfd: prevent concurrent API initialization (bsc#1012628). - drm/vmwgfx: Fix subresource updates with new contexts (bsc#1012628). - drm/vmwgfx: Fix some static checker warnings (bsc#1012628). - drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (bsc#1012628). - drm/ttm: Fix multihop assert on eviction (bsc#1012628). - drm/omap: Follow implicit fencing in prepare_fb (bsc#1012628). - drm/amdgpu: Fix amdgpu_ras_eeprom_init() (bsc#1012628). - drm/amdgpu: Fix koops when accessing RAS EEPROM (bsc#1012628). - drm: vc4: Fix pixel-wrap issue with DVP teardown (bsc#1012628). - dma-buf: fix dma_resv_test_signaled test_all handling v2 (bsc#1012628). - drm/panel: Fix up DT bindings for Samsung lms397kf04 (bsc#1012628). - ASoC: ti: davinci-mcasp: Fix DIT mode support (bsc#1012628). - ASoC: atmel: ATMEL drivers don't need HAS_DMA (bsc#1012628). - media: dib8000: rewrite the init prbs logic (bsc#1012628). - media: ti-vpe: cal: fix error handling in cal_camerarx_create (bsc#1012628). - media: ti-vpe: cal: fix queuing of the initial buffer (bsc#1012628). - libbpf: Fix reuse of pinned map on older kernel (bsc#1012628). - drm/vkms: Let shadow-plane helpers prepare the plane's FB (bsc#1012628). - x86/hyperv: fix for unwanted manipulation of sched_clock when TSC marked unstable (bsc#1012628). - crypto: mxs-dcp - Use sg_mapping_iter to copy data (bsc#1012628). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (bsc#1012628). - tipc: keep the skb in rcv queue until the whole data is read (bsc#1012628). - net: phy: Fix data type in DP83822 dp8382x_disable_wol() (bsc#1012628). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (bsc#1012628). - iavf: do not override the adapter state in the watchdog task (bsc#1012628). - iavf: fix locking of critical sections (bsc#1012628). - ARM: dts: qcom: apq8064: correct clock names (bsc#1012628). - video: fbdev: kyro: fix a DoS bug by restricting user input (bsc#1012628). - drm/ast: Disable fast reset after DRAM initial (bsc#1012628). - netlink: Deal with ESRCH error in nlmsg_notify() (bsc#1012628). - arm64: dts: qcom: Fix usb entries for SA8155p adp board (bsc#1012628). - net: ipa: fix IPA v4.11 interconnect data (bsc#1012628). - Smack: Fix wrong semantics in smk_access_entry() (bsc#1012628). - drm: avoid blocking in drm_clients_info's rcu section (bsc#1012628). - drm: serialize drm_file.master with a new spinlock (bsc#1012628). - drm: protect drm_master pointers in drm_lease.c (bsc#1012628). - rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (bsc#1012628). - igc: Check if num of q_vectors is smaller than max before array access (bsc#1012628). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (bsc#1012628). - usb: host: fotg210: fix the actual_length of an iso packet (bsc#1012628). - usb: gadget: u_ether: fix a potential null pointer dereference (bsc#1012628). - USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (bsc#1012628). - usb: gadget: composite: Allow bMaxPower=0 if self-powered (bsc#1012628). - staging: board: Fix uninitialized spinlock when attaching genpd (bsc#1012628). - staging: hisilicon,hi6421-spmi-pmic.yaml: fix patternProperties (bsc#1012628). - tty: serial: jsm: hold port lock when reporting modem line changes (bsc#1012628). - bus: fsl-mc: fix arg in call to dprc_scan_objects() (bsc#1012628). - bus: fsl-mc: fix mmio base address for child DPRCs (bsc#1012628). - misc/pvpanic-pci: Allow automatic loading (bsc#1012628). - selftests: firmware: Fix ignored return val of asprintf() warn (bsc#1012628). - drm/amd/display: Fix timer_per_pixel unit error (bsc#1012628). - media: hantro: vp8: Move noisy WARN_ON to vpu_debug (bsc#1012628). - media: platform: stm32: unprepare clocks at handling errors in probe (bsc#1012628). - media: atomisp: Fix runtime PM imbalance in atomisp_pci_probe (bsc#1012628). - media: atomisp: pci: fix error return code in atomisp_pci_probe() (bsc#1012628). - nfp: fix return statement in nfp_net_parse_meta() (bsc#1012628). - ethtool: improve compat ioctl handling (bsc#1012628). - drm/amd/display: Fixed hardware power down bypass during headless boot (bsc#1012628). - drm/amdgpu: Fix a printing message (bsc#1012628). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (bsc#1012628). - bpf/tests: Fix copy-and-paste error in double word test (bsc#1012628). - bpf/tests: Do not PASS tests without actually testing the result (bsc#1012628). - drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (bsc#1012628). - arm64: dts: allwinner: h6: tanix-tx6: Fix regulator node names (bsc#1012628). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (bsc#1012628). - video: fbdev: kyro: Error out if 'pixclock' equals zero (bsc#1012628). - video: fbdev: riva: Error out if 'pixclock' equals zero (bsc#1012628). - net: ipa: fix ipa_cmd_table_valid() (bsc#1012628). - net: ipa: always validate filter and route tables (bsc#1012628). - ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() (bsc#1012628). - flow_dissector: Fix out-of-bounds warnings (bsc#1012628). - s390/jump_label: print real address in a case of a jump label bug (bsc#1012628). - s390: make PCI mio support a machine flag (bsc#1012628). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (bsc#1012628). - serial: max310x: Use clock-names property matching to recognize EXTCLK (bsc#1012628). - xtensa: ISS: don't panic in rs_init (bsc#1012628). - hvsi: don't panic on tty_register_driver failure (bsc#1012628). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (bsc#1012628). - vt: keyboard.c: make console an unsigned int (bsc#1012628). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (bsc#1012628). - drm/amd/display: Fix PSR command version (bsc#1012628). - samples: bpf: Fix tracex7 error raised on the missing argument (bsc#1012628). - libbpf: Fix race when pinning maps in parallel (bsc#1012628). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (bsc#1012628). - drm: rcar-du: Shutdown the display on system shutdown (bsc#1012628). - Bluetooth: skip invalid hci_sync_conn_complete_evt (bsc#1012628). - workqueue: Fix possible memory leaks in wq_numa_init() (bsc#1012628). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on DHCOM SoM (bsc#1012628). - ARM: dts: stm32: Set {bitclock,frame}-master phandles on ST DKx (bsc#1012628). - ARM: dts: stm32: Update AV96 adv7513 node per dtbs_check (bsc#1012628). - drm/msm/a6xx: Fix llcc configuration for a660 gpu (bsc#1012628). - netfilter: nft_compat: use nfnetlink_unicast() (bsc#1012628). - bonding: 3ad: fix the concurrency between __bond_release_one() and bond_3ad_state_machine_handler() (bsc#1012628). - ARM: dts: at91: use the right property for shutdown controller (bsc#1012628). - arm64: tegra: Fix Tegra194 PCIe EP compatible string (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output (bsc#1012628). - ASoC: Intel: update sof_pcm512x quirks (bsc#1012628). - Bluetooth: Fix not generating RPA when required (bsc#1012628). - dpaa2-switch: do not enable the DPSW at probe time (bsc#1012628). - media: imx258: Rectify mismatch of VTS value (bsc#1012628). - media: imx258: Limit the max analogue gain to 480 (bsc#1012628). - media: imx: imx7-media-csi: Fix buffer return upon stream start failure (bsc#1012628). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (bsc#1012628). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (bsc#1012628). - media: tegra-cec: Handle errors of clk_prepare_enable() (bsc#1012628). - gfs2: Fix glock recursion in freeze_go_xmote_bh (bsc#1012628). - arm64: dts: qcom: sdm630: Rewrite memory map (bsc#1012628). - arm64: dts: qcom: sdm630: Fix TLMM node and pinctrl configuration (bsc#1012628). - net: ipa: fix IPA v4.9 interconnects (bsc#1012628). - serial: 8250_omap: Handle optional overrun-throttle-ms property (bsc#1012628). - misc: sram: Only map reserved areas in Tegra SYSRAM (bsc#1012628). - ARM: dts: imx53-ppd: Fix ACHC entry (bsc#1012628). - arm64: dts: qcom: ipq8074: fix pci node reg property (bsc#1012628). - arm64: dts: qcom: sdm660: use reg value for memory node (bsc#1012628). - arm64: dts: qcom: ipq6018: drop '0x' from unit address (bsc#1012628). - arm64: dts: qcom: sdm630: don't use underscore in node name (bsc#1012628). - arm64: dts: qcom: msm8994: don't use underscore in node name (bsc#1012628). - arm64: dts: qcom: msm8996: don't use underscore in node name (bsc#1012628). - arm64: dts: qcom: sm8250: Fix epss_l3 unit address (bsc#1012628). - nvmem: qfprom: Fix up qfprom_disable_fuse_blowing() ordering (bsc#1012628). - net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() (bsc#1012628). - drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (bsc#1012628). - drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (bsc#1012628). - drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (bsc#1012628). - drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (bsc#1012628). - ARM: dts: ixp4xx: Fix up bad interrupt flags (bsc#1012628). - thunderbolt: Fix port linking by checking all adapters (bsc#1012628). - drm/amd/display: fix missing writeback disablement if plane is removed (bsc#1012628). - drm/amd/display: fix incorrect CM/TF programming sequence in dwb (bsc#1012628). - selftests/bpf: Fix xdp_tx.c prog section name (bsc#1012628). - drm/vmwgfx: fix potential UAF in vmwgfx_surface.c (bsc#1012628). - staging: rtl8723bs: fix right side of condition (bsc#1012628). - drm/msm/dp: reduce link rate if failed at link training 1 (bsc#1012628). - drm/msm/dp: reset aux controller after dp_aux_cmd_fifo_tx() failed (bsc#1012628). - drm/msm/dp: return correct edid checksum after corrupted edid checksum read (bsc#1012628). - drm/msm/dp: do not end dp link training until video is ready (bsc#1012628). - net/mlx5: Fix variable type to match 64bit (bsc#1012628). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (bsc#1012628). - drm/display: fix possible null-pointer dereference in dcn10_set_clock() (bsc#1012628). - mac80211: Fix monitor MTU limit so that A-MSDUs get through (bsc#1012628). - ARM: tegra: acer-a500: Remove bogus USB VBUS regulators (bsc#1012628). - ARM: tegra: tamonten: Fix UART pad setting (bsc#1012628). - arm64: tegra: Fix compatible string for Tegra132 CPUs (bsc#1012628). - arm64: dts: imx8mm-venice-gw700x: fix mp5416 pmic config (bsc#1012628). - arm64: dts: imx8mm-venice-gw700x: fix invalid pmic pin config (bsc#1012628). - arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (bsc#1012628). - arm64: dts: ls1046a: fix eeprom entries (bsc#1012628). - nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data (bsc#1012628). - nvme: code command_id with a genctr for use-after-free validation (bsc#1012628). - Bluetooth: Fix handling of LE Enhanced Connection Complete (bsc#1012628). - Bluetooth: Fix race condition in handling NOP command (bsc#1012628). - opp: Don't print an error if required-opps is missing (bsc#1012628). - serial: sh-sci: fix break handling for sysrq (bsc#1012628). - iomap: pass writeback errors to the mapping (bsc#1012628). - tcp: enable data-less, empty-cookie SYN with TFO_SERVER_COOKIE_NOT_REQD (bsc#1012628). - locking/rtmutex: Set proper wait context for lockdep (bsc#1012628). - rpc: fix gss_svc_init cleanup on failure (bsc#1012628). - iavf: use mutexes for locking of critical sections (bsc#1012628). - selftests/bpf: Correctly display subtest skip status (bsc#1012628). - selftests/bpf: Fix flaky send_signal test (bsc#1012628). - hwmon: (pmbus/ibm-cffps) Fix write bits for LED control (bsc#1012628). - staging: rts5208: Fix get_ms_information() heap buffer size (bsc#1012628). - selftests: nci: Fix the code for next nlattr offset (bsc#1012628). - selftests: nci: Fix the wrong condition (bsc#1012628). - net: Fix offloading indirect devices dependency on qdisc order creation (bsc#1012628). - kselftest/arm64: mte: Fix misleading output when skipping tests (bsc#1012628). - kselftest/arm64: pac: Fix skipping of tests on systems without PAC (bsc#1012628). - ASoC: rsnd: adg: clearly handle clock error / NULL case (bsc#1012628). - gfs2: Don't call dlm after protocol is unmounted (bsc#1012628). - usb: chipidea: host: fix port index underflow and UBSAN complains (bsc#1012628). - lockd: lockd server-side shouldn't set fl_ops (bsc#1012628). - drm/exynos: Always initialize mapping in exynos_drm_register_dma() (bsc#1012628). - rtl8xxxu: Fix the handling of TX A-MPDU aggregation (bsc#1012628). - rtw88: use read_poll_timeout instead of fixed sleep (bsc#1012628). - rtw88: wow: build wow function only if CONFIG_PM is on (bsc#1012628). - rtw88: wow: fix size access error of probe request (bsc#1012628). - octeontx2-pf: Fix NIX1_RX interface backpressure (bsc#1012628). - m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch (bsc#1012628). - btrfs: remove racy and unnecessary inode transaction update when using no-holes (bsc#1012628). - btrfs: tree-log: check btrfs_lookup_data_extent return value (bsc#1012628). - soundwire: intel: fix potential race condition during power down (bsc#1012628). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (bsc#1012628). - ASoC: Intel: Skylake: Fix passing loadable flag for module (bsc#1012628). - of: Don't allow __of_attached_node_sysfs() without CONFIG_SYSFS (bsc#1012628). - mmc: sdhci-of-arasan: Modified SD default speed to 19MHz for ZynqMP (bsc#1012628). - mmc: sdhci-of-arasan: Check return value of non-void funtions (bsc#1012628). - mmc: core: Avoid hogging the CPU while polling for busy in the I/O err path (bsc#1012628). - mmc: core: Avoid hogging the CPU while polling for busy for mmc ioctls (bsc#1012628). - mmc: core: Avoid hogging the CPU while polling for busy after I/O writes (bsc#1012628). - mmc: rtsx_pci: Fix long reads when clock is prescaled (bsc#1012628). - selftests/bpf: Enlarge select() timeout for test_maps (bsc#1012628). - mmc: core: Return correct emmc response in case of ioctl error (bsc#1012628). - octeontx2-pf: cleanup transmit link deriving logic (bsc#1012628). - samples: pktgen: fix to print when terminated normally (bsc#1012628). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1012628). - Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" (bsc#1012628). - usb: dwc3: imx8mp: request irq after initializing dwc3 (bsc#1012628). - usb: musb: musb_dsps: request_irq() after initializing musb (bsc#1012628). - usbip: give back URBs for unsent unlink requests during cleanup (bsc#1012628). - usbip:vhci_hcd USB port can get stuck in the disabled state (bsc#1012628). - usb: xhci-mtk: fix use-after-free of mtk->hcd (bsc#1012628). - usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint (bsc#1012628). - ASoC: rockchip: i2s: Fix regmap_ops hang (bsc#1012628). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (bsc#1012628). - ASoC: soc-pcm: protect BE dailink state changes in trigger (bsc#1012628). - drm/amdkfd: Account for SH/SE count when setting up cu masks (bsc#1012628). - nfs: don't atempt blocking locks on nfs reexports (bsc#1012628). - nfsd: fix crash on LOCKT on reexported NFSv3 (bsc#1012628). - iwlwifi: pcie: free RBs during configure (bsc#1012628). - iwlwifi: mvm: Do not use full SSIDs in 6GHz scan (bsc#1012628). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (bsc#1012628). - iwlwifi: mvm: avoid static queue number aliasing (bsc#1012628). - iwlwifi: mvm: Fix umac scan request probe parameters (bsc#1012628). - iwlwifi: mvm: fix access to BSS elements (bsc#1012628). - iwlwifi: fw: correctly limit to monitor dump (bsc#1012628). - iwlwifi: mvm: don't schedule the roc_done_wk if it is already running (bsc#1012628). - iwlwifi: mvm: Fix scan channel flags settings (bsc#1012628). - net/mlx5: DR, fix a potential use-after-free bug (bsc#1012628). - net/mlx5: DR, Enable QP retransmission (bsc#1012628). - usb: isp1760: fix memory pool initialization (bsc#1012628). - usb: isp1760: fix qtd fill length (bsc#1012628). - usb: isp1760: write to status and address register (bsc#1012628). - usb: isp1760: use the right irq status bit (bsc#1012628). - usb: isp1760: otg control register access (bsc#1012628). - parport: remove non-zero check on count (bsc#1012628). - selftests/bpf: Fix potential unreleased lock (bsc#1012628). - wcn36xx: Fix missing frame timestamp for beacon/probe-resp (bsc#1012628). - ath9k: fix OOB read ar9300_eeprom_restore_internal (bsc#1012628). - ath9k: fix sleeping in atomic context (bsc#1012628). - net: fix NULL pointer reference in cipso_v4_doi_free (bsc#1012628). - fix array-index-out-of-bounds in taprio_change (bsc#1012628). - net: w5100: check return value after calling platform_get_resource() (bsc#1012628). - net: hns3: clean up a type mismatch warning (bsc#1012628). - parisc: fix crash with signals and alloca (bsc#1012628). - parisc: Fix compile failure when building 64-bit kernel natively (bsc#1012628). - printk/console: Check consistent sequence number when handling race in console_unlock() (bsc#1012628). - ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() (bsc#1012628). - scsi: BusLogic: Fix missing pr_cont() use (bsc#1012628). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1012628). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1012628). - mtd: rawnand: intel: Fix error handling in probe (bsc#1012628). - cpufreq: powernv: Fix init_chip_info initialization in numa=off (bsc#1012628). - s390/pv: fix the forcing of the swiotlb (bsc#1012628). - s390/topology: fix topology information when calling cpu hotplug notifiers (bsc#1012628). - mm: fix panic caused by __page_handle_poison() (bsc#1012628). - hugetlb: fix hugetlb cgroup refcounting during vma split (bsc#1012628). - mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() (bsc#1012628). - mm/hmm: bypass devmap pte when all pfn requested flags are fulfilled (bsc#1012628). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1012628). - mm,vmscan: fix divide by zero in get_scan_count (bsc#1012628). - mm/page_alloc.c: avoid accessing uninitialized pcp page migratetype (bsc#1012628). - mm/mempolicy: fix a race between offset_il_node and mpol_rebind_task (bsc#1012628). - memcg: enable accounting for pids in nested pid namespaces (bsc#1012628). - libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind (bsc#1012628). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (bsc#1012628). - lib/test_stackinit: Fix static initializer test (bsc#1012628). - net: dsa: lantiq_gswip: fix maximum frame length (bsc#1012628). - net: stmmac: Fix overall budget calculation for rxtx_napi (bsc#1012628). - drm/mgag200: Select clock in PLL update functions (bsc#1012628). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (bsc#1012628). - drm/dp_mst: Fix return code on sideband message failure (bsc#1012628). - drm/panfrost: Make sure MMU context lifetime is not bound to panfrost_priv (bsc#1012628). - drm/amdgpu: Fix BUG_ON assert (bsc#1012628). - drm/amdgpu: Enable S/G for Yellow Carp (bsc#1012628). - drm/amdgpu: Fix a deadlock if previous GEM object allocation fails (bsc#1012628). - drm/amd/display: Update number of DCN3 clock states (bsc#1012628). - drm/amd/display: Update bounding box states (v2) (bsc#1012628). - drm/amdkfd: drop process ref count when xnack disable (bsc#1012628). - drm/amd/display: setup system context for APUs (bsc#1012628). - drm/msm/disp/dpu1: add safe lut config in dpu driver (bsc#1012628). - drm/ttm: Fix ttm_bo_move_memcpy() for subclassed struct ttm_resource (bsc#1012628). - drm/panfrost: Simplify lock_region calculation (bsc#1012628). - drm/panfrost: Use u64 for size in lock_region (bsc#1012628). - drm/panfrost: Clamp lock region to Bifrost minimum (bsc#1012628). - tracing/osnoise: Fix missed cpus_read_unlock() in start_per_cpu_kthreads() (bsc#1012628). - commit 73a28f9 - drm/vc4: hdmi: Fix HPD GPIO detection (bsc#1190469) - commit 4a524d3 - Linux 5.14.5 (bsc#1012628). - Revert "posix-cpu-timers: Force next expiration recalc after itimer reset" (bsc#1012628). - Revert "time: Handle negative seconds correctly in timespec64_to_ns()" (bsc#1012628). - Delete patches.suse/posix-cpu-timers-Fix-spuriously-armed-0-value-itimer.patch. - commit 048e6c0 - crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764). - commit e7a1776 - posix-cpu-timers: Fix spuriously armed 0-value itimer (timer breakage). - commit c8203f6 - Revert "rpm: Abolish scritplet templating (bsc#1189841)." This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f. "nothing provides suse-kernel-rpm-scriptlets". This is provided by suse-module-tools which are not in TW quite yet. See: https://build.opensuse.org/request/show/919012 So revert this temporarily. - commit f924054 - Linux 5.14.4 (bsc#1012628). - locking/mutex: Fix HANDOFF condition (bsc#1012628). - regmap: fix the offset of register error log (bsc#1012628). - regulator: tps65910: Silence deferred probe error (bsc#1012628). - crypto: mxs-dcp - Check for DMA mapping errors (bsc#1012628). - sched/deadline: Fix reset_on_fork reporting of DL tasks (bsc#1012628). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (bsc#1012628). - crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (bsc#1012628). - sched/deadline: Fix missing clock update in migrate_task_rq_dl() (bsc#1012628). - rcu/tree: Handle VM stoppage in stall detection (bsc#1012628). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1012628). - posix-cpu-timers: Force next expiration recalc after itimer reset (bsc#1012628). - hrtimer: Avoid double reprogramming in __hrtimer_start_range_ns() (bsc#1012628). - hrtimer: Ensure timerfd notification for HIGHRES=n (bsc#1012628). - udf: Check LVID earlier (bsc#1012628). - udf: Fix iocharset=utf8 mount option (bsc#1012628). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1012628). - bcache: add proper error unwinding in bcache_device_init (bsc#1012628). - nbd: add the check to prevent overflow in __nbd_ioctl() (bsc#1012628). - blk-throtl: optimize IOPS throttle for large IO scenarios (bsc#1012628). - nvme-tcp: don't update queue count when failing to set io queues (bsc#1012628). - nvme-rdma: don't update queue count when failing to set io queues (bsc#1012628). - nvmet: pass back cntlid on successful completion (bsc#1012628). - power: supply: smb347-charger: Add missing pin control activation (bsc#1012628). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (bsc#1012628). - s390/cio: add dev_busid sysfs entry for each subchannel (bsc#1012628). - s390/zcrypt: fix wrong offset index for APKA master key valid state (bsc#1012628). - libata: fix ata_host_start() (bsc#1012628). - sched/topology: Skip updating masks for non-online nodes (bsc#1012628). - crypto: omap - Fix inconsistent locking of device lists (bsc#1012628). - crypto: qat - do not ignore errors from enable_vf2pf_comms() (bsc#1012628). - crypto: qat - handle both source of interrupt in VF ISR (bsc#1012628). - crypto: qat - fix reuse of completion variable (bsc#1012628). - crypto: qat - fix naming for init/shutdown VF to PF notifications (bsc#1012628). - crypto: qat - do not export adf_iov_putmsg() (bsc#1012628). - crypto: hisilicon/sec - fix the abnormal exiting process (bsc#1012628). - crypto: hisilicon/sec - modify the hardware endian configuration (bsc#1012628). - crypto: tcrypt - Fix missing return value check (bsc#1012628). - fcntl: fix potential deadlocks for &fown_struct.lock (bsc#1012628). - fcntl: fix potential deadlock for &fasync_struct.fa_lock (bsc#1012628). - udf_get_extendedattr() had no boundary checks (bsc#1012628). - io-wq: remove GFP_ATOMIC allocation off schedule out path (bsc#1012628). - s390/kasan: fix large PMD pages address alignment check (bsc#1012628). - s390/pci: fix misleading rc in clp_set_pci_fn() (bsc#1012628). - s390/debug: keep debug data on resize (bsc#1012628). - s390/debug: fix debug area life cycle (bsc#1012628). - s390/ap: fix state machine hang after failure to enable irq (bsc#1012628). - s390/smp: enable DAT before CPU restart callback is called (bsc#1012628). - sched/debug: Don't update sched_domain debug directories before sched_debug_init() (bsc#1012628). - power: supply: cw2015: use dev_err_probe to allow deferred probe (bsc#1012628). - m68k: emu: Fix invalid free in nfeth_cleanup() (bsc#1012628). - crypto: x86/aes-ni - add missing error checks in XTS code (bsc#1012628). - sched/numa: Fix is_core_idle() (bsc#1012628). - sched: Fix UCLAMP_FLAG_IDLE setting (bsc#1012628). - rcu: Fix to include first blocked task in stall warning (bsc#1012628). - rcu: Fix stall-warning deadlock due to non-release of rcu_node - >lock (bsc#1012628). - m68k: Fix invalid RMW_INSNS on CPUs that lack CAS (bsc#1012628). - block: return ELEVATOR_DISCARD_MERGE if possible (bsc#1012628). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (bsc#1012628). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (bsc#1012628). - genirq/timings: Fix error return code in irq_timings_test_irqs() (bsc#1012628). - irqchip/loongson-pch-pic: Improve edge triggered interrupt support (bsc#1012628). - lib/mpi: use kcalloc in mpi_resize (bsc#1012628). - clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel (bsc#1012628). - nbd: do del_gendisk() asynchronously for NBD_DESTROY_ON_DISCONNECT (bsc#1012628). - block: nbd: add sanity check for first_minor (bsc#1012628). - spi: coldfire-qspi: Use clk_disable_unprepare in the remove function (bsc#1012628). - irqchip/apple-aic: Fix irq_disable from within irq handlers (bsc#1012628). - irqchip/gic-v3: Fix priority comparison when non-secure priorities are used (bsc#1012628). - crypto: qat - use proper type for vf_mask (bsc#1012628). - m68k: Fix asm register constraints for atomic ops (bsc#1012628). - certs: Trigger creation of RSA module signing key if it's not an RSA key (bsc#1012628). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1012628). - EDAC/i10nm: Fix NVDIMM detection (bsc#1012628). - x86/mce: Defer processing of early errors (bsc#1012628). - spi: davinci: invoke chipselect callback (bsc#1012628). - blk-crypto: fix check for too-large dun_bytes (bsc#1012628). - regulator: vctrl: Use locked regulator_get_voltage in probe path (bsc#1012628). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (bsc#1012628). - spi: sprd: Fix the wrong WDG_LOAD_VAL (bsc#1012628). - spi: spi-zynq-qspi: use wait_for_completion_timeout to make zynq_qspi_exec_mem_op not interruptible (bsc#1012628). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (bsc#1012628). - drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1012628). - ASoC: mediatek: mt8192:Fix Unbalanced pm_runtime_enable in mt8192_afe_pcm_dev_probe (bsc#1012628). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (bsc#1012628). - ASoC: tlv320aic32x4: Fix TAS2505/TAS2521 channel count (bsc#1012628). - media: atmel: atmel-sama5d2-isc: fix YUYV format (bsc#1012628). - media: TDA1997x: enable EDID support (bsc#1012628). - leds: is31fl32xx: Fix missing error code in is31fl32xx_parse_dt() (bsc#1012628). - soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally (bsc#1012628). - media: cxd2880-spi: Fix an error handling path (bsc#1012628). - drm/of: free the right object (bsc#1012628). - bpf: Fix a typo of reuseport map in bpf.h (bsc#1012628). - bpf: Fix potential memleak and UAF in the verifier (bsc#1012628). - drm/of: free the iterator object on failure (bsc#1012628). - gve: fix the wrong AdminQ buffer overflow check (bsc#1012628). - libbpf: Fix the possible memory leak on error (bsc#1012628). - ARM: dts: aspeed-g6: Fix HVI3C function-group in pinctrl dtsi (bsc#1012628). - ARM: dts: everest: Add phase corrections for eMMC (bsc#1012628). - arm64: dts: renesas: r8a77995: draak: Remove bogus adv7511w properties (bsc#1012628). - i40e: improve locking of mac_filter_hash (bsc#1012628). - arm64: dts: qcom: sc7180: Set adau wakeup delay to 80 ms (bsc#1012628). - soc: qcom: rpmhpd: Use corner in power_off (bsc#1012628). - libbpf: Fix removal of inner map in bpf_object__create_map (bsc#1012628). - gfs2: Fix memory leak of object lsi on error return path (bsc#1012628). - arm64: dts: qcom: sm8250: fix usb2 qmp phy node (bsc#1012628). - bpf, selftests: Fix test_maps now that sockmap supports UDP (bsc#1012628). - firmware: fix theoretical UAF race with firmware cache and resume (bsc#1012628). - driver core: Fix error return code in really_probe() (bsc#1012628). - ionic: cleanly release devlink instance (bsc#1012628). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (bsc#1012628). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (bsc#1012628). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (bsc#1012628). - net: usb: asix: ax88772: add missing stop (bsc#1012628). - media: go7007: fix memory leak in go7007_usb_probe (bsc#1012628). - media: go7007: remove redundant initialization (bsc#1012628). - media: v4l2-subdev: fix some NULL vs IS_ERR() checks (bsc#1012628). - media: rockchip/rga: fix error handling in probe (bsc#1012628). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (bsc#1012628). - media: atomisp: fix the uninitialized use and rename "retvalue" (bsc#1012628). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (bsc#1012628). - Bluetooth: btusb: Fix a unspported condition to set available debug features (bsc#1012628). - 6lowpan: iphc: Fix an off-by-one check of array index (bsc#1012628). - drm/amdgpu/acp: Make PM domain really work (bsc#1012628). - drm/amd/pm: Fix a bug communicating with the SMU (v5) (bsc#1012628). - tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos (bsc#1012628). - ARM: dts: meson8: Use a higher default GPU clock frequency (bsc#1012628). - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (bsc#1012628). - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (bsc#1012628). - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (bsc#1012628). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (bsc#1012628). - net/mlx5e: Block LRO if firmware asks for tunneled LRO (bsc#1012628). - cgroup/cpuset: Fix a partition bug with hotplug (bsc#1012628). - drm: mxsfb: Enable recovery on underflow (bsc#1012628). - drm: mxsfb: Increase number of outstanding requests on V4 and newer HW (bsc#1012628). - drm: mxsfb: Clear FIFO_CLEAR bit (bsc#1012628). - net: cipso: fix warnings in netlbl_cipsov4_add_std (bsc#1012628). - net: ti: am65-cpsw-nuss: fix wrong devlink release order (bsc#1012628). - drm: rcar-du: Don't put reference to drm_device in rcar_du_remove() (bsc#1012628). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (bsc#1012628). - drm/amd/pm: Fix a bug in semaphore double-lock (bsc#1012628). - lib/test_scanf: Handle n_bits == 0 in random tests (bsc#1012628). - libbpf: Return non-null error on failures in libbpf_find_prog_btf_id() (bsc#1012628). - tools: Free BTF objects at various locations (bsc#1012628). - arm64: dts: renesas: hihope-rzg2-ex: Add EtherAVB internal rx delay (bsc#1012628). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (bsc#1012628). - i2c: highlander: add IRQ check (bsc#1012628). - leds: lgm-sso: Put fwnode in any case during ->probe() (bsc#1012628). - leds: lgm-sso: Don't spam logs when probe is deferred (bsc#1012628). - leds: lt3593: Put fwnode in any case during ->probe() (bsc#1012628). - leds: rt8515: Put fwnode in any case during ->probe() (bsc#1012628). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (bsc#1012628). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (bsc#1012628). - media: omap3isp: Fix missing unlock in isp_subdev_notifier_complete() (bsc#1012628). - media: venus: hfi: fix return value check in sys_get_prop_image_version() (bsc#1012628). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (bsc#1012628). - media: venus: helper: do not set constrained parameters for UBWC (bsc#1012628). - soc: mmsys: mediatek: add mask to mmsys routes (bsc#1012628). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (bsc#1012628). - PCI: PM: Enable PME if it can be signaled from D3cold (bsc#1012628). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (bsc#1012628). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (bsc#1012628). - net: dsa: build tag_8021q.c as part of DSA core (bsc#1012628). - net: dsa: tag_sja1105: optionally build as module when switch driver is module if PTP is enabled (bsc#1012628). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1012628). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (bsc#1012628). - arm64: dts: qcom: sc7280: Fixup the cpufreq node (bsc#1012628). - arm64: dts: qcom: sm8350: fix IPA interconnects (bsc#1012628). - drm: bridge: it66121: Check drm_bridge_attach retval (bsc#1012628). - net: ti: am65-cpsw-nuss: fix RX IRQ state after .ndo_stop() (bsc#1012628). - net: dsa: stop syncing the bridge mcast_router attribute at join time (bsc#1012628). - net: dsa: mt7530: remove the .port_set_mrouter implementation (bsc#1012628). - net: dsa: don't disable multicast flooding to the CPU even without an IGMP querier (bsc#1012628). - PM: EM: Increase energy calculation precision (bsc#1012628). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (bsc#1012628). - leds: lgm-sso: Propagate error codes from callee to caller (bsc#1012628). - drm/msm: Fix error return code in msm_drm_init() (bsc#1012628). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (bsc#1012628). - drm/msm/mdp4: move HW revision detection to earlier phase (bsc#1012628). - drm/msm/dp: update is_connected status base on sink count at dp_pm_resume() (bsc#1012628). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (bsc#1012628). - arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 (bsc#1012628). - counter: 104-quad-8: Return error when invalid mode during ceiling_write (bsc#1012628). - cgroup/cpuset: Miscellaneous code cleanup (bsc#1012628). - cgroup/cpuset: Fix violation of cpuset locking rule (bsc#1012628). - ASoC: Intel: Fix platform ID matching (bsc#1012628). - Bluetooth: fix repeated calls to sco_sock_kill (bsc#1012628). - drm/msm/dsi: Fix some reference counted resource leaks (bsc#1012628). - drm/msm/dp: replug event is converted into an unplug followed by an plug events (bsc#1012628). - net/mlx5: Fix unpublish devlink parameters (bsc#1012628). - ASoC: rt5682: Properly turn off regulators if wrong device ID (bsc#1012628). - usb: dwc3: meson-g12a: add IRQ check (bsc#1012628). - usb: dwc3: qcom: add IRQ check (bsc#1012628). - usb: gadget: udc: at91: add IRQ check (bsc#1012628). - usb: gadget: udc: s3c2410: add IRQ check (bsc#1012628). - mac80211: remove unnecessary NULL check in ieee80211_register_hw() (bsc#1012628). - usb: misc: brcmstb-usb-pinmap: add IRQ check (bsc#1012628). - usb: phy: fsl-usb: add IRQ check (bsc#1012628). - usb: phy: twl6030: add IRQ checks (bsc#1012628). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (bsc#1012628). - selftests/bpf: Fix test_core_autosize on big-endian machines (bsc#1012628). - devlink: Clear whole devlink_flash_notify struct (bsc#1012628). - samples: pktgen: add missing IPv6 option to pktgen scripts (bsc#1012628). - net: stmmac: fix INTR TBU status affecting irq count statistic (bsc#1012628). - PM: cpu: Make notifier chain use a raw_spinlock_t (bsc#1012628). - usb: host: ohci-tmio: add IRQ check (bsc#1012628). - usb: phy: tahvo: add IRQ check (bsc#1012628). - libbpf: Re-build libbpf.so when libbpf.map changes (bsc#1012628). - mac80211: Fix insufficient headroom issue for AMSDU (bsc#1012628). - locking/local_lock: Add missing owner initialization (bsc#1012628). - lockd: Fix invalid lockowner cast after vfs_test_lock (bsc#1012628). - SUNRPC: Fix a NULL pointer deref in trace_svc_stats_latency() (bsc#1012628). - nfsd4: Fix forced-expiry locking (bsc#1012628). - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (bsc#1012628). - clk: staging: correct reference to config IOMEM to config HAS_IOMEM (bsc#1012628). - i2c: synquacer: fix deferred probing (bsc#1012628). - hwmon: (pmbus/bpa-rs600) Don't use rated limits as warn limits (bsc#1012628). - hwmon: remove amd_energy driver in Makefile (bsc#1012628). - ASoC: fsl_rpmsg: Check -EPROBE_DEFER for getting clocks (bsc#1012628). - firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (bsc#1012628). - usb: gadget: mv_u3d: request_irq() after initializing UDC (bsc#1012628). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1012628). - lkdtm: replace SCSI_DISPATCH_CMD with SCSI_QUEUE_RQ (bsc#1012628). - Bluetooth: add timeout sanity check to hci_inquiry (bsc#1012628). - i2c: iop3xx: fix deferred probing (bsc#1012628). - i2c: s3c2410: fix IRQ check (bsc#1012628). - i2c: hix5hd2: fix IRQ check (bsc#1012628). - gfs2: init system threads before freeze lock (bsc#1012628). - drm/exynos: g2d: fix missing unlock on error in g2d_runqueue_worker() (bsc#1012628). - rsi: fix error code in rsi_load_9116_firmware() (bsc#1012628). - rsi: fix an error code in rsi_probe() (bsc#1012628). - octeontx2-af: cn10k: Fix SDP base channel number (bsc#1012628). - octeontx2-pf: send correct vlan priority mask to npc_install_flow_req (bsc#1012628). - octeontx2-af: Check capability flag while freeing ipolicer memory (bsc#1012628). - octeontx2-pf: Don't install VLAN offload rule if netdev is down (bsc#1012628). - octeontx2-pf: Fix algorithm index in MCAM rules with RSS action (bsc#1012628). - octeontx2-af: cn10k: Use FLIT0 register instead of FLIT1 (bsc#1012628). - m68k: coldfire: return success for clk_enable(NULL) (bsc#1012628). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (bsc#1012628). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (bsc#1012628). - ASoC: Intel: Skylake: Fix module resource and format selection (bsc#1012628). - mmc: sdhci: Fix issue with uninitialized dma_slave_config (bsc#1012628). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (bsc#1012628). - mmc: moxart: Fix issue with uninitialized dma_slave_config (bsc#1012628). - ASoC: wm_adsp: Put debugfs_remove_recursive back in (bsc#1012628). - bpf: Fix possible out of bound write in narrow load handling (bsc#1012628). - hv_utils: Set the maximum packet size for VSS driver to the length of the receive buffer (bsc#1012628). - CIFS: Fix a potencially linear read overflow (bsc#1012628). - i2c: mt65xx: fix IRQ check (bsc#1012628). - i2c: xlp9xx: fix main IRQ check (bsc#1012628). - octeontx2-pf: cn10k: Fix error return code in otx2_set_flowkey_cfg() (bsc#1012628). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (bsc#1012628). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (bsc#1012628). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (bsc#1012628). - tty: serial: fsl_lpuart: fix the wrong mapbase value (bsc#1012628). - ASoC: wcd9335: Fix a double irq free in the remove function (bsc#1012628). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (bsc#1012628). - ASoC: wcd9335: Disable irq on slave ports in the remove function (bsc#1012628). - iwlwifi: skip first element in the WTAS ACPI table (bsc#1012628). - net/mlx5: Lag, fix multipath lag activation (bsc#1012628). - net/mlx5: Remove all auxiliary devices at the unregister event (bsc#1012628). - net/mlx5e: Fix possible use-after-free deleting fdb rule (bsc#1012628). - net/mlx5: E-Switch, Set vhca id valid flag when creating indir fwd group (bsc#1012628). - net/mlx5e: Use correct eswitch for stack devices with lag (bsc#1012628). - misc/pvpanic: fix set driver data (bsc#1012628). - ice: fix Tx queue iteration for Tx timestamp enablement (bsc#1012628). - ice: add lock around Tx timestamp tracker flush (bsc#1012628). - ice: restart periodic outputs around time changes (bsc#1012628). - ice: Only lock to update netdev dev_addr (bsc#1012628). - net: phy: marvell10g: fix broken PHY interrupts for anyone after us in the driver probe list (bsc#1012628). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (bsc#1012628). - ALSA: usb-audio: Add lowlatency module option (bsc#1012628). - atlantic: Fix driver resume flow (bsc#1012628). - bcma: Fix memory leak for internally-handled cores (bsc#1012628). - brcmfmac: pcie: fix oops on failure to resume and reprobe (bsc#1012628). - ipv6: make exception cache less predictible (bsc#1012628). - ipv4: make exception cache less predictible (bsc#1012628). - net: qrtr: make checks in qrtr_endpoint_post() stricter (bsc#1012628). - sch_htb: Fix inconsistency when leaf qdisc creation fails (bsc#1012628). - net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed (bsc#1012628). - net: qualcomm: fix QCA7000 checksum handling (bsc#1012628). - octeontx2-af: Fix loop in free and unmap counter (bsc#1012628). - octeontx2-af: Fix mailbox errors in nix_rss_flowkey_cfg (bsc#1012628). - octeontx2-af: Fix static code analyzer reported issues (bsc#1012628). - octeontx2-af: Set proper errorcode for IPv4 checksum errors (bsc#1012628). - ipv4: fix endianness issue in inet_rtm_getroute_build_skb() (bsc#1012628). - ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (bsc#1012628). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (bsc#1012628). - f2fs: guarantee to write dirty data when enabling checkpoint back (bsc#1012628). - time: Handle negative seconds correctly in timespec64_to_ns() (bsc#1012628). - auxdisplay: hd44780: Fix oops on module unloading (bsc#1012628). - io_uring: limit fixed table size by RLIMIT_NOFILE (bsc#1012628). - io_uring: IORING_OP_WRITE needs hash_reg_file set (bsc#1012628). - io_uring: io_uring_complete() trace should take an integer (bsc#1012628). - io_uring: fail links of cancelled timeouts (bsc#1012628). - bio: fix page leak bio_add_hw_page failure (bsc#1012628). - raid1: ensure write behind bio has less than BIO_MAX_VECS sectors (bsc#1012628). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1012628). - smb3: fix posix extensions mount option (bsc#1012628). - tty: Fix data race between tiocsti() and flush_to_ldisc() (bsc#1012628). - perf/x86/intel/uncore: Fix IIO cleanup mapping procedure for SNR/ICX (bsc#1012628). - Revert "KVM: x86: mmu: Add guest physical address check in translate_gpa()" (bsc#1012628). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1012628). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (bsc#1012628). - KVM: x86: clamp host mapping level to max_level in kvm_mmu_max_mapping_level (bsc#1012628). - KVM: x86/mmu: Avoid collision with !PRESENT SPTEs in TDP MMU lpage stats (bsc#1012628). - KVM: VMX: avoid running vmx_handle_exit_irqoff in case of emulation (bsc#1012628). - KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (bsc#1012628). - KVM: arm64: Unregister HYP sections from kmemleak in protected mode (bsc#1012628). - KVM: arm64: vgic: Resample HW pending state on deactivation (bsc#1012628). - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (bsc#1012628). - io-wq: check max_worker limits if a worker transitions bound state (bsc#1012628). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1012628). - char: tpm: Kconfig: remove bad i2c cr50 select (bsc#1012628). - fuse: truncate pagecache on atomic_o_trunc (bsc#1012628). - fuse: flush extending writes (bsc#1012628). - fuse: wait for writepages in syncfs (bsc#1012628). - IMA: remove -Wmissing-prototypes warning (bsc#1012628). - IMA: remove the dependency on CRYPTO_MD5 (bsc#1012628). - fbmem: don't allow too huge resolutions (bsc#1012628). - ACPI: PRM: Find PRMT table before parsing it (bsc#1012628). - RDMA/mlx5: Fix number of allocated XLT entries (bsc#1012628). - bootconfig: Fix missing return check of xbc_node_compose_key function (bsc#1012628). - backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1012628). - parisc: Fix unaligned-access crash in bootloader (bsc#1012628). - clk: kirkwood: Fix a clocking boot regression (bsc#1012628). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1012628). - Refresh patches.suse/Bluetooth-schedule-SCO-timeouts-with-delayed_work.patch. - Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - Update config files. - commit 8706151 - Bluetooth: Move shutdown callback before flushing tx and rx queue (bsc#1190424). - commit 40ccc64 - fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 165378a - Linux 5.14.3 (bsc#1012628). - cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports (bsc#1012628). - cxl/pci: Fix lockdown level (bsc#1012628). - cxl/pci: Fix debug message in cxl_probe_regs() (bsc#1012628). - PCI: Call Max Payload Size-related fixup quirks early (bsc#1012628). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1012628). - staging: mt7621-pci: fix hang when nothing is connected to pcie ports (bsc#1012628). - xhci: Fix failure to give back some cached cancelled URBs (bsc#1012628). - xhci: fix unsafe memory usage in xhci tracing (bsc#1012628). - xhci: fix even more unsafe memory usage in xhci tracing (bsc#1012628). - usb: mtu3: fix the wrong HS mult value (bsc#1012628). - usb: mtu3: use @mult for HS isoc or intr (bsc#1012628). - usb: mtu3: restore HS function when set SS/SSP (bsc#1012628). - usb: gadget: tegra-xudc: fix the wrong mult value for HS isoc or intr (bsc#1012628). - usb: cdnsp: fix the wrong mult value for HS isoc or intr (bsc#1012628). - usb: xhci-mtk: fix issue of out-of-bounds array access (bsc#1012628). - usb: host: xhci-rcar: Don't reload firmware after the completion (bsc#1012628). - Bluetooth: btusb: Make the CSR clone chip force-suspend workaround more generic (bsc#1012628). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1012628). - ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (bsc#1012628). - Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM" (bsc#1012628). - igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1012628). - can: c_can: fix null-ptr-deref on ioctl() (bsc#1012628). - firmware: dmi: Move product_sku info to the end of the modalias (bsc#1012628). - commit 87c3051 - fixup "rpm: support gz and zst compression methods" once more Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") Fixes: 23510fce36ec ("fixup "rpm: support gz and zst compression methods"") - commit 34e68f4 - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - commit 3b944fc - fixup "rpm: support gz and zst compression methods" Fixes: 3b8c4d9bcc24 ("rpm: support gz and zst compression methods") - commit 23510fc - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).") - commit 8684de8 - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - commit 5d1f677 - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - commit d7d2e6e - Document suse-hv-guest-os-id.patch (bsc#814005, bsc#1189965). - commit 6205661 - Delete 0001-apparmor-fix-unnecessary-creation-of-net-compat.patch (bsc#1189978) Compat patch no longer required since userspace is upgraded to v3.x - commit c28bbe5 - supported-flag: consolidate separate patches into one The history of the five supported flag patches can be found in the commit log. This commit unifies them and reverts the removal of get_next_line from mainline to allow supported() to repeatedly scan the file in memory without modifying it. I looked into using tsearch() to handle the lookups and it turns out that it's no faster than just scanning the file repeatedly in memory. - commit d3dcd16 - Delete patches.suse/setuid-dumpable-wrongdir (bsc#1189957). - commit 762368d - Bluetooth: schedule SCO timeouts with delayed_work (CVE-2021-3640 bsc#1188172). - Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch. - commit 2605fb9 - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - commit b41e4fd - Linux 5.14.2 (bsc#1012628). - ext4: fix race writing to an inline_data file while its xattrs are changing (bsc#1012628). - ext4: fix e2fsprogs checksum failure for mounted filesystem (bsc#1012628). - xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG (bsc#1012628). - USB: serial: pl2303: fix GL type detection (bsc#1012628). - USB: serial: cp210x: fix control-characters error handling (bsc#1012628). - USB: serial: cp210x: fix flow-control error handling (bsc#1012628). - ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (bsc#1012628). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (bsc#1012628). - ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (bsc#1012628). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (bsc#1012628). - ALSA: usb-audio: Work around for XRUN with low latency playback (bsc#1012628). - media: stkwebcam: fix memory leak in stk_camera_probe (bsc#1012628). - commit b155faa - series.conf: cleanup - update upstream reference and move to appropriate section: - patches.suse/crypto-ecc-handle-unaligned-input-buffer-in-ecc_swap.patch - commit 1eedbb8 - crypto: ecc - handle unaligned input buffer in ecc_swap_digits (bsc#1188327). - commit f7925a4 - Refresh patches.suse/scsi-retry-alua-transition-in-progress. - Delete patches.suse/megaraid-mbox-fix-SG_IO. - commit d1e442c - memcg: enable accounting of ipc resources (bsc#1190115 CVE-2021-3759). - commit 9193235 - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - commit 692d38b - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect is has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - commit e2f37db - kernel-binary.spec: Define $image as rpm macro (bsc#1189841). - commit e602b0f - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - commit d9a1357 - watchdog: Fix NULL pointer dereference when releasing cdev (bsc#1190093). - Update config files. We can enable the option after this fix again. - commit 65109d0 - Linux 5.14.1 (bsc#1012628). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (bsc#1012628). - net: dsa: mt7530: fix VLAN traffic leaks again (bsc#1012628). - btrfs: fix NULL pointer dereference when deleting device by invalid id (bsc#1012628). - Revert "floppy: reintroduce O_NDELAY fix" (bsc#1012628). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1012628). - ext4: report correct st_size for encrypted symlinks (bsc#1012628). - f2fs: report correct st_size for encrypted symlinks (bsc#1012628). - ubifs: report correct st_size for encrypted symlinks (bsc#1012628). - net: don't unconditionally copy_from_user a struct ifreq for socket ioctls (bsc#1012628). - audit: move put_tree() to avoid trim_trees refcount underflow and UAF (bsc#1012628). - commit 1059c60 - update patches metadata - update upstream references: - patches.suse/Bluetooth-avoid-circular-locks-in-sco_sock_connect.patch - patches.suse/Bluetooth-btusb-Add-support-for-Foxconn-Mediatek-Chi.patch - patches.suse/Bluetooth-btusb-Add-support-for-IMC-Networks-Mediate.patch - patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch - commit c2e3f15 - HID: usbhid: Simplify code in hid_submit_ctrl() (<cover.1630658591.git.mkubecek@suse.cz>). - HID: usbhid: Fix warning caused by 0-length input reports (<cover.1630658591.git.mkubecek@suse.cz>). - HID: usbhid: Fix flood of "control queue full" messages (<cover.1630658591.git.mkubecek@suse.cz>). - commit 4552165 - Delete patches.suse/hid-fix-length-inconsistency.patch. To be replaced by a cherry pick of corresponding upstream commits. - commit ba7e2a2 - Delete patches.suse/Revert-netfilter-conntrack-remove-helper-hook-again.patch (bsc#1189964) The regression addressed by this revert was fixed properly by mainline commit ee04805ff54a ("netfilter: conntrack: make conntrack userspace helpers work again") in 5.7. - commit 775ed38 - series.conf: cleanup Move queued patches to "almost mainline" section. No effect on expanded tree. - commit e91bb9d - vt_kdsetmode: extend console locking (bsc#1190025 CVE-2021-3753). - commit 18d6ea3 - Update config files. Disable CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT (bsc#1190093) - commit 55bd270 - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() (CVE-2021-3640 bsc#1188172). - commit b9d15a3 - Delete patches.suse/uapi-add-a-compatibility-layer-between-linux-uio-h-and-glibc (bsc#1189959). No longer needed, since it's upstream now. - commit b1aeba4 - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - commit e98096d - arm64: Update config files. (bsc#1189922) Enable ISP1760_DUAL_ROLE - commit c265161 - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - commit 357f09a - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release has arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - commit 56f2cba - Update to 5.14 final - refresh configs - commit d419f63 - config: update and enable armv6hl New config option values copied from arvm7hl. - commit 7224850 - config: update and enable armv7hl New config option values copied from arm64 except: - PCI_IXP4XX=n (does not allow module build) - MTD_NAND_PL35X=m - IPMI_KCS_BMC_CDEV_IPMI=m - IPMI_KCS_BMC_SERIO=m - MSC313E_WATCHDOG=m - REGULATOR_MT6359=m - REGULATOR_RT5033=m - ARM_GT_INITIAL_PRESCALER_VAL=2 (default) - INTEL_QEP=m - commit 2df785b ==== keylime ==== Version update (6.1.1 -> 6.2.0) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Update to version 6.2.0: * Fix bug #757 where revoc cert was treated as text * Code improvement: removal of extra dependencies in measured boot attestation (#755) * Sanitize the exclude list while it is ingested at `tenant` by removing comments (^#) and empty lines. * tenant: show severity level and last event id in status * verifier: move to new failure architecture * pcr validation: move to new failure architecture * measured boot: move to new failure architecture * ima: move to new failure architecture * failure: add infrastructure to tag and collect revocation events in Keylime * Simulating use of SSLContext.minimum_version on ssl v3.6 * verifier: fix minor typos * Add tests for ca_impl_cfssl and ca_util * Replace M2Crypto with python-cryptography * tenant: status now shows if a agent was added to the registrar * tenant: open file to send utf-8 encoded * Correct some comments about and remove vestige in MB policy * fixing a small bug that resulted in malformed refstates not failing MBA * agent: ensure that EK is in PEM format when used as uuid * Solves #703 by adding a "non-trivial" example of a "measured boot policy" (#734) * ci: build and publish container images * codestyle: fix W0612 and R1735 pylint errors * codestyle: fix W1514 pylint error * systemd: Add KillSignal=SIGINT to keylime_agent.service * One-liner to set the minimum version of TLS to v1.2 * pylint fix * Typo fix: return list order confusion between measured_boot.py and tpm_abstract.py * Refactor keylime_logging module * ima: Implement ima-buf validator and validate keys on keyrings (#725) * Remove Python 2 leftovers * Additional fix for the processing of "tpm_policy" * ima: Return an empty allowlist rather than a plain empty list * verifier: convert (v)tpm_policy in DB from string to JSONPickleType * verifier: Create AgentAttestState objects from entries in the db * verifier: Persist the IMA attestation state after running the log verification * db: Add DB migration file for boottime, ima_pcrs, pcr10, and next_ima_ml_entries * verifier: Skip attestation one time if agent's boottime changed * test: Add test case simulating iterative attestation * verifier: Delete an AgentAttestState when deleting an agent * ima: Remember the number of lines successfully processed and last IMA PCR value(s) * ima: Reset the attestation if processing the measurement list fails * debug: Show line number when PCR match occurs * verifier: Extend AgentAttestState with state of the IMA PCR * Consult the AgentAttestState for the next measurement list entry * Introduce an AgentAttestState class for passing state through the APIs * verifier: Request IMA log at entry 0 for now * agent: Get boottime and transfer to verifier * agent: Add support for optional IMA log offset parameter * tests: Add a unit test for the IMA function and run it * agent: Move IMA measurement list reading function to ima.py * Add default verifier-check value * Use tox for pylint * Use Fedora 34 as base image for CI container * Run ci jobs only when needed * config: merge convert and list_convert into the same function * Versioned APIs * Refacator of check_pcrs to parse then validate (#716) * Automatically calculates the boot_aggregate from the measured boot log. (#713) * Set default UUID as lowercase (#699) * tenant: do_cvdelete wait until 404 * Ensures the output of `bulkinfo` command in `keylime_tenant` is JSON * ima: Convert pcrval to bytes to increase efficiency * tests: extend ima tests for signature validation and exclude lists * Allow agents to specify a contact ip address and port for the tenant and CV (#690) * verifer: Fix signature and allowlist evaluation bahavior change * ima: Fix runtime error due to wrong datatype * tenant: add the option to specify the registrar ip and port * measured_boot: drop process_refstate * check_pcrs: match PCR if no mb_refstate is provided * ci: make run_local.sh work with newer docker versions * Fixing pylint errors (#698) * tests: add IMA test where validation should be ignored * ima: Use ima_ast for parsing and validation * tests: Add test for ima AST parser * ima: Introducing a AST for parsing and validation * Make stalebot a bit nicer * enable tenant to fetch all (or verifier specific) agents info in a single call from the verifier * Flush all sessions from TPM device (#682) * multiple named verifiers sharing a single database * webapp: fix tls certs paths (#659) * Corrects markdown to have proper rendering (#673) * ima_file_signatures: Extract keyidv2 from x509 certs * installer: Add '-r' option to cp to copy directory (issue #671) * config: Add optional fallback parameter to get() * agent: Fix the usage of dmidecode during the agent startup (issue #664) * agent: Rename allowlist to ima_allowlist in keylime.conf * Fix decoding error in user_data_encrypt * agent: Fix issue #667 by testing for an empty ima_sign_verification_keys list * Addresses issue #660 (database path while running local tests) (#665) * ima: Return 'None' when ImaKeyring.from_string() called with emtpy string * tests: Move unittests into files with suffix _test.py * Fixes and improvements for database configuration (#654) * Add signature verification support for local and remote IMA signature verification keys (#597) * install: Remove TPM 1.2 support from installer and bundeling scripts * CI/CD: Remove tpm1.2 testing support * Remove duplicated calls to verifier * Remove adding entropy to system rng * Cleanup and fix error case in encryptAIK (#648) * Move measured boot related code into functions to make check_pcrs readable (#642) * Move code related to tpm2_checkquote into its own function (#639) * scripts: Cleanup shell script formatting * installer.sh: Do not delete the local copy of the certificates. * Fix user_data_encrypt to UTF8 decode before print * tpm_abstract: Fix adding of entropy * codestyle: Ignore R1732 implemented by pylint >=2.8.0 * a fix for letting JSON encoding bytes correctly * Adding back reglist to the list of commands that don't need a -t argument * Invoke tpm2_evictcontrol for 4.0 and 4.2 tools if aik_handle exists (#624) * Addresses #436 (#611) * Fixes #620 * Include PCR16 in the quote only when needed * Close leaking file descriptors (#622) * installer.sh: Add missing spaces when efivar is added * More ima_emulator_adapter cleanups (#616) * installer: Add json-c-devel/json-c-dev to BUILD_TOOLS for tpm2-tss build * Remove more commented code in ca_util.py * installer: Only install efi library on x86_64 systems * Create allowlist table and basic API support * installer: Add libuuid-devel/uuid-dev to BUILD_TOOLS for tpm2_tools build * WIP: Some cleanups (#612) * Remove _cLime.c * config: Document the measured boot PCRs and what is using them * Very simple fix for the agent (re: measured boot) The agent code does not need to import "measured boot policies" * ima_emulator_adapater: Remove unnecessary global statement * webapp: Fix private key and certificate path (issue #604) * Add support for keylime_webapp service to read intervals from keylime.conf ==== kmod ==== Subpackages: libkmod2 - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). * Refres no-stylesheet-download.patch ==== krb5 ==== - Fix KDC null pointer dereference via a FAST inner body that lacks a server field; (CVE-2021-37750); (bsc#1189929); - Added patches: * 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch ==== kubernetes ==== Version update (1.22.1 -> 1.22.2) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump kubernetes-* to 1.22.2 and *-minus1 to 1.21.5 ==== kubernetes1.21 ==== Version update (1.21.4 -> 1.21.5) - Update to version 1.21.5: * Update to go1.16.8 * legacy-cloud-providers: aws: Add support for consuming web identity credentials * e2e iperf2 change threshold to 10MBps = 80 Mbps * Fix NodeAuthenticator tests in dual stack * Fix the key missing issue for structured log * Fix a small regression in Service updates * Service: Fix semantics for Update wrt allocations * Don't prematurely close reflectors in case of slow initialization in watch based manager * Fix storage class setup in regional_pd.go * backport 104410 to release-1.21 * pkg/kubelet/cm: use SkipFreezeOnSet * vendor: bump runc to 1.0.2 * Switch to non-deprecated timestamppb.Now() * Fix buckets initialization * fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs * fix: skip case sensitivity when checking Azure NSG rules * Keep MakeMountArgSensitive and add a new signature that receives flags * Update the unit tests to handle mountFlags * Add missing interface method in mount_unsupported.go * Pass additional flags to subpath mount to avoid flakes in certain conditions * Update CHANGELOG/CHANGELOG-1.21.md for v1.21.4 * Copy golang license to staging copies * delete stale UDP conntrack entries for loadbalancer IPs * Set idle and readheader timeouts ==== kubernetes1.22 ==== Version update (1.22.1 -> 1.22.2) Subpackages: kubernetes1.22-client kubernetes1.22-client-common kubernetes1.22-kubeadm kubernetes1.22-kubelet kubernetes1.22-kubelet-common - Update to version 1.22.2: * [go1.16] Update to go1.16.8 * Fix Job tracking with finalizers for more than 500 pods * e2e iperf2 change threshold to 10MBps = 80 Mbps * legacy-cloud-providers: aws: Add support for consuming web identity credentials * Fix the key missing issue for structured log * add a test for jsonpath template parsing to prevent regressions * revert "fix wrong output when using jsonpath" * Fix a small regression in Service updates * kubelet: Admission must exclude completed pods and avoid races * Don't prematurely close reflectors in case of slow initialization in watch based manager * backport 104410 to release-1.22 * Fix storage class setup in regional_pd.go * pkg/kubelet/cm: use SkipFreezeOnSet * vendor: bump runc to 1.0.2 * vendor: bump k8s.io/util to get fix for LRU cache * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.1 * fix: ensure InstanceShutdownByProviderID return false for creating Azure VMs * fix: skip case sensitivity when checking Azure NSG rules * Copy golang license to staging copies ==== kubic-control ==== Version update (0.12 -> 0.12.1) Subpackages: kubic-haproxycfg kubicctl kubicd - Update to version 0.12.1 - Fix cluster upgrade ==== less ==== - Add missing runtime dependency on which, which it is used by lessopen.sh. Fix bsc#1190552. ==== libXi ==== Version update (1.7.10 -> 1.8) - Update to version 1.8 * This release of libXi marks the support of XI 2.4 touchpad gesture events official. This feature is the only difference between libXi 1.8 and the latest release in the 1.7.x series (1.7.10). ==== libapparmor ==== - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ==== libcontainers-common ==== - Comment out ostree_repo if it's blank [boo#1189893] - Comment out ostree_repo [boo#1189893] ==== libdrm ==== - covers jira#SLE/SLE-18743 ==== libepoxy ==== Version update (1.5.8 -> 1.5.9) - needed for jira#SLE/SLE-19965, jira#SLE/SLE-19964, jira#SLE/SLE-18653 - Update to version 1.5.9: + Allow libopengl.so to be used when GLX_LIB is missing. ==== libfido2 ==== Version update (1.7.0 -> 1.8.0) - Removed fix-cmake-linking.patch because no longer needed - Update to version 1.8.0: * Dropped 'Requires.private' entry from pkg-config file. * Better support for FIDO 2.1 authenticators. * Support for Windows's native webauthn API. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - disable fix-cmake-linking.patch, not needed currently ==== libglvnd ==== - covers jira#SLE/SLE-18743 ==== libgudev ==== Version update (234 -> 237) - Update to version 237: + Fix reading double precision floats from sysfs attributes in locales that use comma as a separator + Fix compilation warning + Fix headers to help with build reproducibility + Clarify licensing information - Changes from version 236: + Fix meson project name to match autotools. - Changes from version 235: + Port build system to meson and remove autotools + Fix conversion of sysfs attributes to boolean. - Add meson BuildRequires and macros following upstreams port. - Enable pkgconfig(umockdev-1.0) BuildRequires and test macro. - Update Licence tag to LGPL-2.1-or-later. ==== libhugetlbfs ==== - Add glibc-2.34-fix.patch as a fix for upstream issue gh#52: https://github.com/libhugetlbfs/libhugetlbfs/pull/63/commits (boo#1189094). - Update to version 2.23.0.g6b126a4: * Update NEWS for 2.23 release * Wait child with os.wait() * Makefile: add MANDIR variable * Makefile: skip LIB resolve check if NATIVEONLY * Introduce basic riscv64 support * ld.hugetlbfs: fix -Ttext-segment argument on AArch64 * tests: add explicit permissions to open() call * Update NEWS for 2.22 release * Convert setup script to python3 * Clean up error checking in dump_proc_pid_maps() ==== libseccomp ==== Version update (2.5.1 -> 2.5.2) - Skip 11-basic-basic_errors test on qemu linux-user emulation - Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. ==== libtirpc ==== Subpackages: libtirpc-netconfig libtirpc3 - Backport DoS vulnerability fix 0001-Fix-DoS-vulnerability-in-libtirpc.patch - Replace %setup with %autosetup ==== libxkbcommon ==== Version update (1.3.0 -> 1.3.1) - Update to release 1.3.1 * In `xkbcli interactive-x11`, use the Esc keysym instead of the Esc keycode for quitting. * In `xkbcli how-to-type`, add `--keysym` argugment for how to type a keysym instead of a Unicode codepoint. * Fix a crash in `xkb_x11_keymap_new_from_device` error handling given some invalid keymaps. Had regressed in 1.2.0. ==== libzypp ==== Version update (17.28.1 -> 17.28.4) - Make sure to keep states alives while transitioning (bsc#1190199) - May set techpreview variables for testing in /etc/zypp/zypp.conf. If environment variables are unhandy one may enable the desired techpreview in zypp.conf as well: [main] techpreview.ZYPP_SINGLE_RPMTRANS=1 techpreview.ZYPP_MEDIANETWORK=1 - version 17.28.4 (22) - CMake/spec: Add option to force SINGLE_RPMTRANS as default for zypper (fixes #340) - Make sure singleTrans is zypper-only for now. - Do not double check signatures and keys (bsc#1190059) - version 17.28.3 (22) - Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a not UsrMerged Tumbleweed system. - version 17.28.2 (22) ==== microos-tools ==== Version update (2.11 -> 2.12) - Update to version 2.12 - Remove special MicroOS firstboot script - Remove locale-check, replaced by another aaa_base implementation ==== multipath-tools ==== Version update (0.8.6+32+suse.f11c192 -> 0.8.7+14+suse.5a09bfa) Subpackages: kpartx libmpath0 - Add a versioned dependency of multipath-tools on libmpath0 (bsc#1190622) - Update to version 0.8.7+14+suse.5a09bfa1: * Fix possible string overflows (bsc#1188148) - Upstream fixes / changes * better string handling * multipath: print warning if multipathd isn't running * mpathpersist: better error msg when no usable paths exist * fixes from 0.8.6+32+suse.f11c192 merged upstream ==== ncurses ==== Version update (6.2.20210814 -> 6.2.20210911) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210911 + adjust ifdef in test_opaque.c to fix build with ncurses 5.7 + add testing note for xterm-{hp|sco|sun} -TD + corrected description for ansi.sys-old -TD + add xterm+nopcfkeys, to fill in keys for xterm-hp, xterm-sun -TD + use hp+arrows in a few places -TD + use hp+pfk-cr in a few places -TD - Correct offsets of patch ncurses-6.2.dif - Add ncurses patch 20210905 + correct logic in filtering of redefinitions (report by Sven Joachim, cf: 20210828). - Add ncurses patch 20210904 + modify linux3.0 entry to reflect default mapping of shift-tab by kbd 1.14 (report by Jan Engelhardt) -TD + add historical note to tput, curses-terminfo and curses-color manpages based on source-code for SVr2, SVr3 and SVr4. + minor grammatical fixes for "it's" vs "its" (report by Nick Black). + amend fix for --disable-root-environ (report by Arnav Singh). + build-fix for compiling link_test + drop symbols GCC_PRINTF and GCC_SCANF from curses.h.in, to simplify use (Debian #993179). - Add ncurses patch 20210828 + correct reversed check for --disable-root-environ (report/analysis by Arnav Singh, cf: 20210626). + apply gcc format attribute to prototypes which use a va_list parameter rather than a "..." variable-length parameter list (prompted by discussion in a tmux pull-request). + modify configure scripts to filter out redefinitions of _XOPEN_SOURCE, e.g., for NetBSD which generally supports 500, but 600 is needed for ncursesw. + improve documentation for tparm and static/dynamic variables. + improve typography in terminfo.5 (patch by Branden Robinson). - Add ncurses patch 20210821 + improve tparm implementation of %P and %g, more closely matching SVr4 terminfo. + move internals of TERMINAL structure to new header term.priv.h + add "check" rule for ncurses/Makefile + corrected tsl capability for terminator -TD + add check in tic to report instances where tparm would detect an error in an expression (cf: 20201010). + correct a few places where SP->_pair_limit was used rather than SP->_pair_alloc (cf: 20170812). + fix missing "%d" for setaf/setab code 8-15 in xterm+direct16 (report by Florian Weimer) -TD + fix some documentation errata from OpenBSD changes. + update config.sub - Correct offsets and dates of patch ncurses-6.2.dif ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Add 0001-gssd-fix-crash-in-debug-message.patch Fix crash when rpc-gssd run with -v. (boo#1190144) ==== numactl ==== Version update (2.0.14.17.g498385e -> 2.0.14.20.g4ee5e0c) - Update to version 2.0.14.20.g4ee5e0c: * Fix system call numbers on s390x * numactl.c: fixed debug verify for --preferred option * numactl.c: Fixed description for the usage of numactl ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains these changes not already present: * Handle IPv6 interfaces correctly. (bsc#1187958) * Handle qedi correctly in NPAR mode (bsc#1187958) * Update iscsiadm man page (bsc#1187958) * Update iface.example for ipv6 * Change iscsi IP type from defines to enum. * Handle recv() returning 0 in iscsid_response() ==== open-lldp ==== Version update (1.1+36.e926f7172b96 -> 1.1+44.0f781b4162d3) Subpackages: liblldp_clif1 - Update to version v1.1+44.0f781b4162d3: * agent: reset frame status on message delete * Avoiding null pointer dereference ==== pam ==== Version update (1.5.1 -> 1.5.2) Subpackages: pam_unix - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory - pam-login_defs-check.sh: adjust for new login.defs variable usages - Update to 1.5.2 Noteworthy changes in Linux-PAM 1.5.2: * pam_exec: implemented quiet_log option. * pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs. * pam_timestamp: changed hmac algorithm to call openssl instead of the bundled sha1 implementation if selected, added option to select the hash algorithm to use with HMAC. * Added pkgconfig files for provided libraries. * Added --with-systemdunitdir configure option to specify systemd unit directory. * Added --with-misc-conv-bufsize configure option to specify the buffer size in libpam_misc's misc_conv() function, raised the default value for this parameter from 512 to 4096. * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. pam_tally2 has been removed upstream, remove pam_tally2-removal.patch pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. The following patches have been accepted upstream and, so, are obsolete: - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch - pam_securetty-don-t-complain-about-missing-config.patch - bsc1184358-prevent-LOCAL-from-being-resolved.patch - revert-check_shadow_expiry.diff [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, pam_securetty-don-t-complain-about-missing-config.patch, bsc1184358-prevent-LOCAL-from-being-resolved.patch, revert-check_shadow_expiry.diff] ==== pam-config ==== Version update (1.3 -> 1.4) - Update to version 1.4 - Fix support for mulitple locations for configuration files - Drop pam-config-fix-pam_keyinit-options.patch - Drop pam-config-remove-bad-access-call.patch ==== pango ==== Version update (1.48.9 -> 1.48.10) - Update to version 1.48.10: + Fix a crash in strikethrough drawing. + pango-view: - Support antialiasing freetype. - Use GraphicsMagick. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Fix typo in the icon name for the fips pattern (bsc#1189550) ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add ethtool to hardware pattern [jsc#PM-2983] - Remove haveged (obsolete with recent kernels) [bsc#1190024] ==== perl ==== Version update (5.32.1 -> 5.34.0) - update to 5.34.0 * Experimental Try/Catch Syntax * Blanks freely allowed within but adjacent to curly braces * New octal syntax 0oddddd * Fix a memory leak in RegEx [GH #18604] * ExtUtils::PL2Bat 0.004 has been added to the Perl core. * Updated Modules and Pragmata - Rebase perl-5.28.0.dif to perl-5.34.0.dif - Rebase perl-incfix.diff - Rebase perl_skip_flaky_tests_powerpc.patch - Drop perl-gdbm-test-no-mmap.diff (no longer needed with gdbm 1.20) - Add c029d660f2fe60699cf64bbb3fa9f671a1a370d5.patch to fix build with gdbm 1.20 - Drop perl-fix2020.patch (included upstream) ==== perl-Bootloader ==== Version update (0.935 -> 0.936) - merge gh#openSUSE/perl-bootloader#136 - report error if config file could not be updated (bsc#1188768) - 0.936 ==== permissions ==== Version update (1550_20210518 -> 1550_20210901) Subpackages: chkstat permissions-config - Update to version 20210901: * libksysguard5: Updated path for ksgrd_network_helper * kdesu: Updated path for kdesud * sbin_dirs cleanup: these binaries have already been moved to /usr/sbin * mariadb: revert auth_pam_tool to /usr/lib{,64} again * cleanup: revert virtualbox back to plain /usr/lib * cleanup: remove deprecated /etc/ssh/sshd_config * hawk_invoke is not part of newer hawk2 packages anymore * cleanup: texlive-filesystem: public now resides in libexec * cleanup: authbind: helper now resides in libexec * cleanup: polkit: the agent now also resides in libexec * libexec cleanup: 'inn' news binaries now reside in libexec ==== pinentry ==== Version update (1.1.1 -> 1.2.0) - pinentry 1.2.0: * qt: Show a warning if Caps Lock is on * qt: Support password formatting. This makes generated passwords easier to transcribe * qt: Fix showing of pinentry window on Wayland * qt: Check passphrase constraints before accepting passphrase if passphrase constraints are requested to be enforced * qt: Improve detection of running in a GUI session * qt: Improve accessibility when entering new password ==== pmdk ==== Version update (1.9 -> 1.11.0) Subpackages: libpmem1 libpmemobj1 - Trim old specfile constructs like defattr. - Renamed libpmem2-1-devel to libpmem2-devel - Update to PMDK 1.11.0 * Version 1.11.0 - Adds new APIs for libpmem2, most notably there are new functions to shrink and extend an existing reservation and a new iterator API for mappings contained within an existing reservation. There's also a new function to retrieve a numa node for a source. - Makes the pmemobj_open() and pmemobj_close() functions from libpmemobj thread-safe. It's now easier to correctly manage persistent memory pools in a parallel environment. - Introduces a new API in libpmemobj to globally change the method of assigning arenas to threads. The default is to rely on a OS per-thread key to store arena information. This release introduces an option to avoid the use of thread-local keys by simply using one global arena for all threads in a pool. - pmem2: don't force smaller alignment for fsdax mappings - rpmem: various fixes for powerpc64le - doc: fix documentation of pmem_is_pmem() - common: fix various minor problems found by static analysis - pmem2: arm64: fix possible data loss on ARMv8.2+ (improper flushing) This release introduces no changes to the on-media layout and is fully compatible with the previous version of PMDK. * Version 1.10 - This release introduces a new stable PMDK library, libpmem2, which is the next major release of libpmem. This library has an entirely new, but familiar, API that addresses many shortcomings of the previous version, while retaining all of its functionality. To learn more, see https://pmem.io/pmdk/libpmem2/ or libpmem2(7). The old library, libpmem, is still going to be maintained for the foreseeable future, but we'd like to encourage any new applications to leverage libpmem2. - Update to PMDK 1.9.2 * Version 1.9.2 - This release reverts an incorrect change in SDS handling "pool: disable SDS check if not supported", and introduces a proper fix for the issues that patch attempted to correct. * Version 1.9.1 - common: fix LIBFABRIC flags - common: Add runtime SDS check and disable - pool: disable SDS check if not supported - obj: fix failure atomicity bug in huge allocs - obj: add missing drain after ulog processing - Drop common-fix-LIBFABRIC-flags.patch (now in upstream) - Add a comment to gen-doc.sh ==== podman ==== Version update (3.2.3 -> 3.3.1) Subpackages: podman-cni-config - require runc >= 1.0.1 - Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the - -pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. - Revert crun change due to crun having exclusive arch targets that would drop podman support in PPC and IBM Z - Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert ".cirrus.yml: use fresh images for all VMs" * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html - Switch to crun (bsc#1188914) ==== python-Jinja2 ==== - Add no-warnings-as-errors.patch: * Do not treat warnings as errors until upstream fix using async loops. - Babel is not required ==== python-Pillow ==== Version update (8.3.1 -> 8.3.2) - update to version 8.3.2: * CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere] * Fix 6-byte OOB read in FliDecode [wiredfool] * Add support for Python 3.10 #5569, #5570 [hugovk, radarhere] * Ensure TIFF RowsPerStrip is multiple of 8 for JPEG compression [#5588] [kmilos, radarhere] * Updates for ImagePalette channel order #5599 [radarhere] * Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library #5651 [nulano] ==== python-greenlet ==== - %check: use %pyunittest rpm macro ==== python-importlib-metadata ==== Version update (3.7.2 -> 4.8.1) - Update to v4.8.1 * #348: Restored support for EntryPoint access by item, deprecating support in the process. Users are advised to use direct member access instead of item-based access: - ep[0] -> ep.name - ep[1] -> ep.value - ep[2] -> ep.group - ep[:] -> ep.name, ep.value, ep.group - Release v4.8.0 * #337: Rewrote EntryPoint as a simple class, still immutable and still with the attributes, but without any expectation for namedtuple functionality such as _asdict. - Release v4.7.1 * #344: Fixed regression in packages_distributions when neither top-level.txt nor a files manifest is present. - Release v4.7.0 * #330: In packages_distributions, now infer top-level names from .files() when a top-level.txt (Setuptools-specific metadata) is not present. - Release v4.6.4 * #334: Correct SimplePath protocol to match pathlib protocol for __truediv__. - Release v4.6.3 * Moved workaround for #327 to _compat module. - Release v4.6.2 * bpo-44784: Avoid errors in test suite when DeprecationWarnings are treated as errors. - Release v4.6.1 * #327: Deprecation warnings now honor call stack variance on PyPy. - Release v4.6.0 * #326: Performance tests now rely on pytest-perf. To disable these tests, which require network access and a git checkout, pass -p no:perf to pytest. - Release v4.5.0 * #319: Remove SelectableGroups deprecation exception for flake8. - Release v4.4.0 * #300: Restore compatibility in the result from Distribution. entry_points (EntryPoints) to honor expectations in older implementations and issuing deprecation warnings for these cases: * EntryPoints objects are once again mutable, allowing for sort () and other list-based mutation operations. Avoid deprecation warnings by casting to a mutable sequence (e.g. list(dist. entry_points).sort()). * EntryPoints results once again allow for access by index. To avoid deprecation warnings, cast the result to a Sequence first (e.g. tuple(dist.entry_points)[0]). - Release v4.3.1 * #320: Fix issue where normalized name for eggs was incorrectly solicited, leading to metadata being unavailable for eggs. - Release v4.3.0 * #317: De-duplication of distributions no longer requires loading the full metadata for PathDistribution objects, entry point loading performance by ~10x. - Release v4.2.0 * Prefer f-strings to .format calls. - Release v4.1.0 * #312: Add support for metadata 2.2 (Dynamic field). * #315: Add SimplePath protocol for interface clarity in PathDistribution. - Release v4.0.1 * #306: Clearer guidance about compatibility in readme. - Release v4.0.0 * #304: PackageMetadata as returned by metadata() and Distribution.metadata() now provides normalized metadata honoring PEP 566: * If a long description is provided in the payload of the RFC 822 value, it can be retrieved as the Description field. * Any multi-line values in the metadata will be returned as such. * For any multi-line values, line continuation characters are removed. This backward-incompatible change means that any projects relying on the RFC 822 line continuation characters being present must be tolerant to them having been removed. * Add a json property that provides the metadata converted to a JSON-compatible form per PEP 566. - Release v3.10.1 * Minor tweaks from CPython. - Release v3.10.0 * #295: Internal refactoring to unify section parsing logic. - Release v3.9.1 * #296: Exclude 'prepare' package. * #297: Fix ValueError when entry points contains comments. - Release v3.9.0 * Use of Mapping (dict) interfaces on SelectableGroups is now flagged as deprecated. Instead, users are advised to use the select interface for future compatibility. * Suppress the warning with this filter: ignore:SelectableGroups dict interface. * Or with this invocation in the Python environment: warnings. filterwarnings('ignore', 'SelectableGroups dict interface'). * Preferably, switch to the select interface introduced in 3.7.0. See the entry points documentation and changelog for the 3.6 release below for more detail. * For some use-cases, especially those that rely on importlib. metadata in Python 3.8 and 3.9 or those relying on older importlib_metadata (especially on Python 3.5 and earlier), backports.entry_points_selectable was created to ease the transition. Please have a look at that project if simply relying on importlib_metadata 3.6+ is not straightforward. Background in #298. * #283: Entry point parsing no longer relies on ConfigParser and instead uses a custom, one-pass parser to load the config, resulting in a ~20% performance improvement when loading entry points. - Release v3.8.2 * #293: Re-enabled lazy evaluation of path lookup through a FreezableDefaultDict. - Release v3.8.1 * #293: Workaround for error in distribution search. - Release v3.8.0 * #290: Add mtime-based caching for FastPath and its lookups, dramatically increasing performance for repeated distribution lookups. - Release v3.7.3 * Docs enhancements and cleanup following review in GH-24782. ==== python-jsonpatch ==== - Don't use python setup.py test expression. ==== python-numpy ==== Version update (1.21.0 -> 1.21.2) - Update to 1.21.2 * #19497: MAINT: set Python version for 1.21.x to <3.11 * #19533: BUG: Fix an issue wherein importing numpy.typing could raise * #19646: MAINT: Update Cython version for Python 3.10. * #19648: TST: Bump the python 3.10 test version from beta4 to rc1 * #19651: TST: avoid distutils.sysconfig in runtests.py * #19652: MAINT: add missing dunder method to nditer type hints * #19656: BLD, SIMD: Fix testing extra checks when -Werror isn't applicable... * #19657: BUG: Remove logical object ufuncs with bool output * #19658: MAINT: Include .coveragerc in source distributions to support... * #19659: BUG: Fix bad write in masked iterator output copy paths * #19660: ENH: Add support for windows on arm targets * #19661: BUG: add base to templated arguments for platlib * #19662: BUG,DEP: Non-default UFunc signature/dtype usage should be deprecated * #19666: MAINT: Add Python 3.10 to supported versions. * #19668: TST,BUG: Sanitize path-separators when running runtest.py * #19671: BLD: load extra flags when checking for libflame * #19676: BLD: update circleCI docker image * #19677: REL: Prepare for 1.21.2 release. - Release 1.21.1 * #19311: REV,BUG: Replace NotImplemented with typing.Any * #19324: MAINT: Fixed the return-dtype of ndarray.real and imag * #19330: MAINT: Replace "dtype[Any]" with dtype in the definiton of... * #19342: DOC: Fix some docstrings that crash pdf generation. * #19343: MAINT: bump scipy-mathjax * #19347: BUG: Fix arr.flat.index for large arrays and big-endian machines * #19348: ENH: add numpy.f2py.get_include function * #19349: BUG: Fix reference count leak in ufunc dtype handling * #19350: MAINT: Annotate missing attributes of np.number subclasses * #19351: BUG: Fix cast safety and comparisons for zero sized voids * #19352: BUG: Correct Cython declaration in random * #19353: BUG: protect against accessing base attribute of a NULL subarray * #19365: BUG, SIMD: Fix detecting AVX512 features on Darwin * #19366: MAINT: remove print()'s in distutils template handling * #19390: ENH: SIMD architectures to show_config * #19391: BUG: Do not raise deprecation warning for all nans in unique... * #19392: BUG: Fix NULL special case in object-to-any cast code * #19430: MAINT: Use arm64-graviton2 for testing on travis * #19495: BUILD: update OpenBLAS to v0.3.17 * #19496: MAINT: Avoid unicode characters in division SIMD code comments * #19499: BUG, SIMD: Fix infinite loop during count non-zero on GCC-11 * #19500: BUG: fix a numpy.npiter leak in npyiter_multi_index_set * #19501: TST: Fix a GenericAlias test failure for python 3.9.0 * #19502: MAINT: Start testing with Python 3.10.0b3. * #19503: MAINT: Add missing dtype overloads for object- and ctypes-based... * #19510: REL: Prepare for NumPy 1.21.1 release. - Drop 0001-BUG-Fix-infinite-loop-on-gcc11.patch fixed upstream (by gcc 11.2) - Drop numpy-pr19326-fix-subarray-segfault.patch merged upstream (backported) ==== python-ordered-set ==== Version update (3.1.1 -> 4.0.2) - Update to version 4.0.2 * Restore compatibility with Python 3.5 * fix packaging, remove vestiges of type stubs * Remove unused type * Add a mailmap * remove old .pyi type stub * Implement code review suggestions for types * Code formatting (isort and black) * Move type annotations inline * Directly distribute type stub file via PEP 561 * Handle another indexing case from NumPy ==== python-pandas ==== Version update (1.3.1 -> 1.3.3) - Update to version 1.3.3 * Fixed regression in DataFrame constructor failing to broadcast for defined Index and len one list of Timestamp (GH42810) * Fixed regression in GroupBy.agg() incorrectly raising in some cases (GH42390) * Fixed regression in GroupBy.apply() where nan values were dropped even with dropna=False (GH43205) * Fixed regression in GroupBy.quantile() which was failing with pandas.NA (GH42849) * Fixed regression in merge() where on columns with ExtensionDtype or bool data types were cast to object in right and outer merge (GH40073) * Fixed regression in RangeIndex.where() and RangeIndex.putmask() raising AssertionError when result did not represent a RangeIndex (GH43240) * Fixed regression in read_parquet() where the fastparquet engine would not work properly with fastparquet 0.7.0 (GH43075) * Fixed regression in DataFrame.loc.__setitem__() raising ValueError when setting array as cell value (GH43422) * Fixed regression in is_list_like() where objects with __iter__ set to None would be identified as iterable (GH43373) * Fixed regression in DataFrame.__getitem__() raising error for slice of DatetimeIndex when index is non monotonic (GH43223) * Fixed regression in Resampler.aggregate() when used after column selection would raise if func is a list of aggregation functions (GH42905) * Fixed regression in DataFrame.corr() where Kendall correlation would produce incorrect results for columns with repeated values (GH43401) * Fixed regression in DataFrame.groupby() where aggregation on columns with object types dropped results on those columns (GH42395, GH43108) * Fixed regression in Series.fillna() raising TypeError when filling float Series with list-like fill value having a dtype which couldn?t cast lostlessly (like float32 filled with float64) (GH43424) * Fixed regression in read_csv() raising AttributeError when the file handle is an tempfile.SpooledTemporaryFile object (GH43439) * Fixed performance regression in core.window.ewm. ExponentialMovingWindow.mean() (GH42333) * Performance improvement for DataFrame.__setitem__() when the key or value is not a DataFrame, or key is not list-like (GH43274) * Fixed bug in DataFrameGroupBy.agg() and DataFrameGroupBy. transform() with engine="numba" where index data was not being correctly passed into func (GH43133) - Release 1.3.2 * Performance regression in DataFrame.isin() and Series.isin() for nullable data types (GH42714) * Regression in updating values of Series using boolean index, created by using DataFrame.pop() (GH42530) * Regression in DataFrame.from_records() with empty records (GH42456) * Fixed regression in DataFrame.shift() where TypeError occurred when shifting DataFrame created by concatenation of slices and fills with values (GH42719) * Regression in DataFrame.agg() when the func argument returned lists and axis=1 (GH42727) * Regression in DataFrame.drop() does nothing if MultiIndex has duplicates and indexer is a tuple or list of tuples (GH42771) * Fixed regression where read_csv() raised a ValueError when parameters names and prefix were both set to None (GH42387) * Fixed regression in comparisons between Timestamp object and datetime64 objects outside the implementation bounds for nanosecond datetime64 (GH42794) * Fixed regression in Styler.highlight_min() and Styler. highlight_max() where pandas.NA was not successfully ignored (GH42650) * Fixed regression in concat() where copy=False was not honored in axis=1 Series concatenation (GH42501) * Regression in Series.nlargest() and Series.nsmallest() with nullable integer or float dtype (GH42816) * Fixed regression in Series.quantile() with Int64Dtype (GH42626) * Fixed regression in Series.groupby() and DataFrame.groupby() where supplying the by argument with a Series named with a tuple would incorrectly raise (GH42731) * Bug in read_excel() modifies the dtypes dictionary when reading a file with duplicate columns (GH42462) * 1D slices over extension types turn into N-dimensional slices over ExtensionArrays (GH42430) * Fixed bug in Series.rolling() and DataFrame.rolling() not calculating window bounds correctly for the first row when center=True and window is an offset that covers all the rows (GH42753) * Styler.hide_columns() now hides the index name header row as well as column headers (GH42101) * Styler.set_sticky() has amended CSS to control the column/index names and ensure the correct sticky positions (GH42537) * Bug in de-serializing datetime indexes in PYTHONOPTIMIZED mode (GH42866) ==== python-simplejson ==== Version update (3.17.3 -> 3.17.5) - update to 3.17.5: * Fix the C extension module to harden is_namedtuple against looks-a-likes such as Mocks. Also prevent dict encoding from causing an unraised SystemError when encountering a non-Dict. Noticed by running user tests against a CPython interpreter with C asserts enabled (COPTS += -UNDEBUG). ==== python38 ==== Version update (3.8.11 -> 3.8.12) - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== python38-core ==== Version update (3.8.11 -> 3.8.12) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.12 * Complete list of changes is available at https://docs.python.org/release/3.8.12/whatsnew/changelog.html * Security - bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. - bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 ?Billion Laughs? vulnerability. This copy is most used on Windows and macOS. - bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. - bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. - Refreshed patch: * decimal-3.8.patch - Add decimal-3.8.patch to add building with --with-system-libmpdec option (bsc#1189356). - test_faulthandler is still problematic under qemu linux-user emulation, disable it there - Reenable profileopt with qemu emulation, test_faulthandler is no longer run during profiling ==== qemu ==== Version update (6.0.0 -> 6.1.0) - Fix testsuite dependencies (bsc#1190573) * Patches added: modules-quick-fix-a-fundamental-error-in.patch - Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch - Fix qemu build on ARMv7 (bsc#1190211) * Patches added: tcg-arm-Fix-tcg_out_vec_op-function-sign.patch - Update supported file for ARM machines. - Keep qemu-img without backing format still deprecated (bsc#1190135) * Patches added: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch - Update the support files to reflect the deprecation. - Update build dependencies versions: libgcrypt >= 1.8.0, gnutls >= 3.5.18, glib >= 2.56, libssh >= 0.8.7 - Fix hardcoded binfmt handler doesn't play well with containers (bsc#1186256) * Patches added: qemu-binfmt-conf.sh-allow-overriding-SUS.patch - Update to v6.1: see https://wiki.qemu.org/ChangeLog/6.1 For a full list of formely deprecated features that are removed, consult: https://qemu-project.gitlab.io/qemu/about/removed-features.html For a list of new deprecated features, consult: https://qemu-project.gitlab.io/qemu/about/deprecated.html Some noteworthy changes: * Removed moxie CPU. * Removed lm32 CPU. * Removed unicore32 CPU. * Removed 'info cpustats'. * Added Aspeed machines: rainier-bmc, quanta-q7l1-bmc. * Added npcm7xx machine: quanta-gbs-bmc. * Model for Aspeed's Hash and Crypto Engine. * SVE2 is now emulated, including bfloat16 support * FEAT_I8MM, FEAT_TLBIOS, FEAT_TLBRANGE, FEAT_BF16, FEAT_AA32BF16, and FEAT_MTE3 are now emulated. * Improved hot-unplug failures on PowerPC pseries machine. * Implemented some POWER10 instructions in TCG. * Added shakti_c RISC-V machine. * Improved documentation for RISC-V machines. * CPU models for gen16 have been added for s390x. * New CPU model versions added with XSAVES enabled: Skylake-Client-v4, Skylake-Server-v5, Cascadelake-Server-v5, Cooperlake-v2, Icelake-Client-v3, Icelake-Server-v5, Denverton-v3, Snowridge-v3, Dhyana-v2 * Added ACPI based PCI hotplug support to Q35 machine. Enabled and used by default since pc-q35-6.1 machine type. * Added support for the pca9546 and pca9548 I2C muxes. * Added support for PMBus and several PMBus devices. * Crypto subsystem: The preferred crypto backend driver now gnutls, with libgcrypt as the second choice, and nettle as third choice, with ordering driven mostly by performance of the ciphers. * Misc doc improvements. * Patches removed: block-nvme-Fix-VFIO_MAP_DMA-failed-No-sp.patch hmp-Fix-loadvm-to-resume-the-VM-on-succe.patch hw-block-nvme-align-with-existing-style.patch hw-block-nvme-consider-metadata-read-aio.patch hw-net-can-sja1000-fix-buff2frame_bas-an.patch hw-nvme-fix-missing-check-for-PMR-capabi.patch hw-nvme-fix-pin-based-interrupt-behavior.patch hw-pci-host-q35-Ignore-write-of-reserved.patch hw-rdma-Fix-possible-mremap-overflow-in-.patch hw-rx-rx-gdbsim-Do-not-accept-invalid-me.patch hw-usb-Do-not-build-USB-subsystem-if-not.patch hw-usb-host-stub-Remove-unused-header.patch linux-user-aarch64-Enable-hwcap-for-RND-.patch module-for-virtio-gpu-pre-load-module-to.patch monitor-qmp-fix-race-on-CHR_EVENT_CLOSED.patch pvrdma-Ensure-correct-input-on-ring-init.patch pvrdma-Fix-the-ring-init-error-flow-CVE-.patch qemu-config-load-modules-when-instantiat.patch qemu-config-parse-configuration-files-to.patch qemu-config-use-qemu_opts_from_qdict.patch runstate-Initialize-Error-to-NULL.patch sockets-update-SOCKET_ADDRESS_TYPE_FD-li.patch target-i386-Exit-tb-after-wrmsr.patch target-sh4-Return-error-if-CPUClass-get_.patch tcg-Allocate-sufficient-storage-in-temp_.patch tcg-arm-Fix-tcg_out_op-function-signatur.patch tcg-sparc-Fix-temp_allocate_frame-vs-spa.patch ui-Fix-memory-leak-in-qemu_xkeymap_mappi.patch usb-hid-avoid-dynamic-stack-allocation.patch usb-limit-combined-packets-to-1-MiB-CVE-.patch usb-mtp-avoid-dynamic-stack-allocation.patch usb-redir-avoid-dynamic-stack-allocation.patch usbredir-fix-free-call.patch vfio-ccw-Permit-missing-IRQs.patch vhost-user-blk-Check-that-num-queues-is-.patch vhost-user-blk-Don-t-reconnect-during-in.patch vhost-user-blk-Fail-gracefully-on-too-la.patch vhost-user-blk-Get-more-feature-flags-fr.patch vhost-user-blk-Make-sure-to-set-Error-on.patch vhost-user-gpu-abstract-vg_cleanup_mappi.patch vhost-user-gpu-fix-leak-in-virgl_cmd_res.patch vhost-user-gpu-fix-leak-in-virgl_resourc.patch vhost-user-gpu-fix-memory-disclosure-in-.patch vhost-user-gpu-fix-memory-leak-in-vg_res.patch vhost-user-gpu-fix-memory-leak-while-cal.patch vhost-user-gpu-fix-OOB-write-in-virgl_cm.patch vhost-user-gpu-fix-resource-leak-in-vg_r.patch vhost-vdpa-don-t-initialize-backend_feat.patch virtio-blk-Fix-rollback-path-in-virtio_b.patch virtio-Fail-if-iommu_platform-is-request.patch virtiofsd-Fix-side-effect-in-assert.patch vl-allow-not-specifying-size-in-m-when-u.patch vl-Fix-an-assert-failure-in-error-path.patch vl-plug-object-back-into-readconfig.patch vl-plumb-keyval-based-options-into-readc.patch x86-acpi-use-offset-instead-of-pointer-w.patch ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996) - Added: * exclude-the-full-path-of-a-download-url-to-prevent-i.patch - Fix wrong relative paths resolution with Jinja renderer when importing subdirectories - Added: * templates-move-the-globals-up-to-the-environment-jin.patch - Don't pass shell="/sbin/nologin" to onlyif/unless checks (bsc#1188259) - Add missing aarch64 to rpm package architectures - Backport of upstream PR#59492 - Added: * backport-of-upstream-pr59492-to-3002.2-404.patch * don-t-use-shell-sbin-nologin-in-requisites.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch - Fix failing unit test for systemd - Fix error handling in openscap module (bsc#1188647) - Better handling of bad public keys from minions (bsc#1189040) - Added: * better-handling-of-bad-public-keys-from-minions-bsc-.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * fix-failing-unit-tests-for-systemd.patch - Define license macro as doc in spec file if not existing - Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327) - Do noop for services states when running systemd in offline mode (bsc#1187787) - transactional_updates: do not execute states in parallel but use a queue (bsc#1188170) - Added: * do-noop-for-services-states-when-running-systemd-in-.patch - Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787) - Enhance openscap module: add "xccdf_eval" call - Added: * enhance-openscap-module-add-xccdf_eval-call-386.patch * handle-master-tops-data-when-states-are-applied-by-t.patch - virt: pass emulator when getting domain capabilities from libvirt - Adding preliminary support for Rocky Linux - Implementation of held/unheld functions for state pkg (bsc#1187813) - Added: * implementation-of-held-unheld-functions-for-state-pk.patch * adding-preliminary-support-for-rocky.-59682-391.patch * virt-pass-emulator-when-getting-domain-capabilities-.patch - Replace deprecated Thread.isAlive() with Thread.is_alive() - Added: * backport-thread.is_alive-fix-390.patch - Fix exception in yumpkg.remove for not installed package - Fix save for iptables state module (bsc#1185131) - Added: * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch - virt: use /dev/kvm to detect KVM - Added: * virt-use-dev-kvm-to-detect-kvm-383.patch - zypperpkg: improve logic for handling vendorchange flags - Added: * move-vendor-change-logic-to-zypper-class-355.patch - Add bundled provides for tornado to the spec file - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310) - Add "python3-pyinotify" as a recommended package for Salt in SUSE/OpenSUSE distros - Added: * enhance-logging-when-inotify-beacon-is-missing-pyino.patch - Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103) - Check if dpkgnotify is executable (bsc#1186674) - Added: * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch - Detect Python version to use inside container (bsc#1167586) (bsc#1164192) - Handle volumes on stopped pools in virt.vm_info (bsc#1186287) - Drop support for Python2. Obsoletes "python2-salt" package - Added: * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * figure-out-python-interpreter-to-use-inside-containe.patch - grains.extra: support old non-intel kernels (bsc#1180650) - Fix missing minion returns in batch mode (bsc#1184659) - Added: * fix-missing-minion-returns-in-batch-mode-360.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch - Parsing Epoch out of version provided during pkg remove (bsc#1173692) - Added: * parsing-epoch-out-of-version-provided-during-pkg-rem.patch - Fix issue parsing errors in ansiblegate state module - Added: * fix-issue-parsing-errors-in-ansiblegate-state-module.patch - Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607) - transactional_update: detect recursion in the executor - Add subpackage salt-transactional-update (jsc#SLE-18028) - Remove duplicate directories from specfile - Added: * transactional_update-detect-recursion-in-the-executo.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Modified fix_systemd.patch to allow systemd gpt generator access to udev files (bsc#1189280) - fix rebootmgr does not trigger the reboot properly (boo#1189878) * fix managing /etc/rebootmgr.conf * allow rebootmgr_t to cope with systemd and dbus messaging - Properly label cockpit files - Allow wicked to communicate with network manager on DBUS (bsc#1188331) - Added policy module for rebootmgr (jsc#SMO-28) ==== shadow ==== Version update (4.8.1 -> 4.9) Subpackages: login_defs - bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399 - bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417 - Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now. - libsubid-devel: add missing requires for libsubid3 - Remove README.changes-pwdutils, all distros you can upgrade from use already shadow - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850] - Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid(Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescript support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - Refresh: * shadow-login_defs-unused-by-pam.patch * userdel-script.patch * useradd-script.patch * chkname-regex.patch * useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now. * shadow-login_defs-suse.patch * useradd-userkeleton.patch - Remove because upstreamed: * shadow-4.1.5.1-userdel-helpfix.patch * shadow-4.1.5.1-logmsg.patch - Add libsubid-build-fix.patch: See https://github.com/shadow-maint/shadow/issues/387 - Add shadow-libeconf-include.patch: See c6847011e8b656adacd9a0d2a78418cad0de34cb - Add shadow-fix-sigabrt.patch: See https://github.com/shadow-maint/shadow/issues/394 - Add shadow-passwd-handle-null.patch [bsc#1188307]: See https://github.com/shadow-maint/shadow/pull/398 - Remove %{_sysconfdir}/default/useradd: file not shipped anymore - Remove --disable-shared: Dont need it anymore See https://github.com/shadow-maint/shadow/issues/336 ==== suse-module-tools ==== Version update (16.0.8+1 -> 16.0.10+7) - Update to version 16.0.10+7: * rpm-script: link config also into /boot (boo#1189879) * weak-modules2: accept modules under /usr/lib/modules on stdin (for support of usr-merged KMPs) * fix scriptlet path (bsc#1189441) - Update to version 16.0.10: * Import kernel scriptlets from kernel-source (bsc#1189441) * README.md: document environment variables for weak-modules2 - Update to version 16.0.9: * weak_modules2: fix "warning: %post(kernel-...) scriptlet failed, exit status 1" message from rpm (boo#1189881) * weak-modules2: add logging at verbose level 2 * weak-modules2: control logging with environment variables WM2_VERBOSE, WM2_DEBUG, WM2_LOGFILE * regenerate-initrd-posttrans: friendly notice if dracut not found (boo#1123721) ==== system-users ==== Subpackages: system-group-hardware system-group-kvm system-user-lp system-user-nobody system-user-tss - Set shell for nobody in sysusers.d config ==== systemd ==== Version update (248.6 -> 249.4) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Don't reexecute user manager instances on package update yet This can't be done until users have their user instance updated to the new version that supports reexecuting with SIGRTMIN+25 because this signal terminates the user managers for the previous versions. - Import commit ec72db9ee0f8ce061f83624d7148ff38a5993b11 3b1aa2f79f manager: reexecute on SIGRTMIN+25, user instances only fd46c81922 test: make sure to include all haveged unit files - systemd.spec: reexec user manager instances on package updates - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Drop dependency on m4 (replaced by Jinja2) - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f82207... - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch ==== systemd-default-settings ==== Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2 6b8dde1 Convert more drop-ins into early ones ==== sysuser-tools ==== - Add support for new shell field [bsc#1189518] ==== talloc ==== Version update (2.3.2 -> 2.3.3) - Update to 2.3.3 + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL;(bso#9931); ==== transactional-update ==== Version update (3.5.1 -> 3.5.5) Subpackages: dracut-transactional-update libtukit0 transactional-update-zypp-config tukit - Version 3.5.5 - t-u: Use tukit for SUSEConnect call [bsc#1190574] Correctly registers repositories - Version 3.5.4 - tukit: Fix resolved support [boo#1190383] - Version 3.5.3 - t-u: Purge kernels as part of package operations Required for live patching support [bsc#1189728] - Version 3.5.2 - tukit: Fix overlay syncing errors with SELinux [bsc#1188648] - Don't print message for `shell` with --quiet [gh#openSUSE/transactional-update#69] ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. ==== util-linux-systemd ==== - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. - login.pamd: use pam_motd to unify motd handling [bsc#1185897]. Else motd snippets of e.g. cockpit will not be shown. ==== vim ==== Version update (8.2.3360 -> 8.2.3408) Subpackages: vim-data-common vim-small - Changed used terminal description in %check scriptlet from "linux" to "xterm" as the former does not map <S-Tab> to <ESC>[Z found by a fix in terminfo database of ncurses 6.2 patch 20210904 - Updated to version 8.2.3408, fixes the following problems * User function completion fails with dict function. * Vim9: crash with nested :while. * Buffer overflow when completing long tag name. * When :edit reuses the current buffer the alternate file is set to the same buffer. * Vim9: crash when :for is skipped. * Vim9: cannot use option for all operations. * Vim9: debugging elseif does not stop before condition. * Vim9: :@r executing a register is inconsistent. * Not all Racket files are recognized. * Auto formatting after "cw" leaves cursor in wrong spot. * Vim9: no check for white space before type in declaration. (Naohiro Ono) * Vim9: :$ENV cannot be followed by ->func() in next line. * line2byte() value wrong when adding a text property. (Yuto Kimura) * text property test fails on MS-Windows. * Pyret files are not recognized. * Using uninitialized memory. * Vim9: no warning that "@r" does not do anything. * Vim9: :disass completion does not understand "s:". * Crash when using NULL job. * Crash when using NULL string for funcref(). * Crash when using NULL list with sign functions. * Crash when getting the type of a NULL partial. * Vim9: completion for :disassemble adds parenthesis. * Cannot disable modeline for an individual file. * Escaping for fish shell does not work properly. * Using uninitialized memory. * Compiler warning for non-static function. * fnamemodify('path/..', ':p') differs from using 'path/../'. * Cannot stop insert mode completion without side effects. * Included xdiff code is outdated. * Crash with combination of 'linebreak' and other options. * augroup completion escapes regexp pattern characters. * Escaping for fish shell is skipping some characters. * Filler lines are wrong when changing text in diff mode. * Vim9: expression breakpoint not checked in :def function. * When libcall() fails invalid pointer may be used. * No test for what 8.2.3391 fixes. * Html text objects are not fully tested. * Octave files are not recognized. * ":z!" is not supported. * Vim9: cannot use a negative count with finddir() and findfile(). * Invalid memory access when using :retab with large value. * Memory leak for :retab with invalid argument. * Vim9: no error for white space before "(". * Cannot have a comment line in a {} block of a user command. * On some systems tests fail without _REENTRANT. (Elimar Riesebieter) * Using uninitialized memory with "let g:['bar'] = 2". * Can delete a numbered function. (Naohiro Ono) ==== xkeyboard-config ==== - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== yast2 ==== Version update (4.4.16 -> 4.4.20) - Fixed losing the current product and package selection during installation, caused by unnecessary reloading of repositories (bsc#1190228) - 4.4.20 - Added infrastructure for installing missing UI extension plug-ins (jsc#SLE-20346, jsc#SLE-20462) - 4.4.19 - Add Y2Issues::WithIssues mixin to make easier to work with a list of issues (needed for jsc#SLE-20563). - 4.4.18 - Mark systemd unit/service state "maintenance" as active (bsc#1190163) - 4.4.17 ==== yomi-formula ==== Version update (0.0.1+git.1629280900.fdbe9f0 -> 0.0.1+git.1630589391.4557cfd) - Update to version 0.0.1+git.1630589391.4557cfd: * macros: fix names of states and modules ==== zypper ==== Version update (1.14.48 -> 1.14.49) Subpackages: zypper-needs-restarting - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Fix typo in German translation (fixes #395) - BuildRequires: libzypp-devel >= 17.28.3. - version 1.14.49